https://wiki.zimbra.com/api.php?action=feedcontributions&user=Shanxt&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-29T12:03:29ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=ShanxT-LDAP-Auth-Failed&diff=69220ShanxT-LDAP-Auth-Failed2022-09-20T16:02:06Z<p>Shanxt: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=ShanxT - LDAP Auth Failed=<br />
{{KB|{{Unsupported}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}<br />
{{WIP}}<br />
== Introduction ==<br />
<br />
The password may get reset during a migration, DR, incorrect installation or messing around with the server. The logs will explicitly show errors like ''LDAP: error code 49 - Invalid Credentials'', or you may see postfix not connecting, etc.<br />
<br />
Different services (postfix, nginx, etc) also connect to ldap with their respective passwords. <br />
<br />
All these passwords are stored in ''/opt/zimbra/conf/localconfig.xml''. To see all the passwords, run:<br />
 zmlocalconfig -s | grep 'ldap.*_pass'<br />
<br />
<br />
== Checking localconfig.xml == <br />
<br />
We just need to determine how the password got reset. If it is during a migration or DR, one of the following is usually the culprit:<br />
<br />
==== Incorrect permissions on localconfig.xml ====<br />
In this case, the password isn't wrong, the file is just not readable by Zimbra. Confirm the permissions are as shown:<br />
ls -l /opt/zimbra/conf/localconfig.xml <br />
-rw-r-----. 1 zimbra zimbra 3887 Jun 4 20:08 /opt/zimbra/conf/localconfig.xml<br />
<br />
<br />
==== Passwords weren't taken from the old localconfig.xml ====<br />
After restoring the server, the passwords weren't taken from the old localconfig.xml. So just pick the old localconfig.xml from the server, or from a backup, and replace the passwords in the current server's localconfig file.<br />
<br />
In a backup, it'll be in your 'sessions/<full-incr backup name>/sys' folder. Example:<br />
<br />
/opt/zimbra/backup/sessions/full-20130524.193020.262/sys/localconfig.xml<br />
<br />
<br />
== zmldappasswd ==<br />
<br />
If the above doesn't work or is not possible, use the 'zmldappasswd' command. The help file for that is self-explanatory:<br />
zmldappasswd --help<br />
<br />
You can also see this article, [[Resetting_LDAP_and_MySQL_Passwords#In_ZCS_5.0.x]], for examples. It was last updated for ZCS 5, but is valid for versions up to ZCS 8. The only difference is that a few more options have been added over the years.<br />
<br />
<br />
== Changing ldap directly ==<br />
<br />
If zmldappasswd also doesn't work, then it means that the ldap root password is probably messed up. To confirm, run:<br />
<br />
ldapwhoami -x -h `zmhostname` -D "cn=config" -w 'ldap_root_password_value'<br />
<br />
Replace 'ldap_root_password_value' with your actual password. <br />
If this is also incorrect, we'll have to change this manually.<br />
<br />
'''Please do this carefully. If you are unsure, and are an NE customer, please contact support before making the changes.'''<br />
<br />
We are going to create a base64 encoded salted SHA password, that we will then directly place in the ldap. <br />
<br />
: 1. Generate the password hash using 'slappasswd':<br />
NEWPASS=`/opt/zimbra/openldap/sbin/slappasswd -v -s 'Very_secure_pass_591' -h {SSHA}`<br />
<br />
# Note for 8.5 and later, SSHA512 should be used<br />
NEWPASS=`/opt/zimbra/openldap/sbin/slappasswd -o module-load=pw-sha2 -h {SSHA512} -s 'Very_Secure_pass_591'`<br />
<br />
: 2. BASE64 encode this password hash:<br />
NEWPASSB64=`echo -n "$NEWPASS" | openssl enc -base64 | tr -d '\n'`<br />
 # Note: The base64 output can wrap across multiple lines, so 'tr' deletes the newlines. The entire value should be on one line. Confirm this by running:<br />
 echo "$NEWPASSB64"<br />
<br />
: 3. As the zimbra user, stop ldap:<br />
ldap stop<br />
<br />
: 4. Replace this new password in the file ~/data/ldap/config/cn=config/olcDatabase={0}config.ldif:<br />
 cp '/opt/zimbra/data/ldap/config/cn=config/olcDatabase={0}config.ldif' /tmp/<br />
 # base64 output can contain '/', so '|' is used as the sed delimiter<br />
 sed -i "s|^olcRootPW.*|olcRootPW:: $NEWPASSB64|" '/opt/zimbra/data/ldap/config/cn=config/olcDatabase={0}config.ldif'<br />
<br />
The above commands take a backup of 'olcDatabase={0}config.ldif', and then place the new password in the file. If the command fails for whatever reason, just do the steps manually. Take a backup, and replace the existing value of 'olcRootPW:: ' in the 'olcDatabase={0}config.ldif' file with the value of $NEWPASSB64.<br />
<br />
: 5. Start ldap:<br />
ldap start<br />
<br />
: 6. To test, run:<br />
ldapwhoami -x -h `zmhostname` -D "cn=config" -w 'ldap_root_password_value' <br />
<br />
: 7. Then update localconfig.xml as well<br />
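<br />
The olcRootPW replacement from step 4, as an added example that is not part of the original article: the value is passed to awk instead of sed, so '/' and '+' in the base64 text need no escaping, and an old value that LDIF has folded onto continuation lines (lines starting with a single space) is removed completely. The function names are hypothetical, and the LDIF and hash in demo() are constructed samples.<br />

```shell
#!/bin/sh
# Added example, not Zimbra's own tooling. Function names are hypothetical;
# the LDIF content and the hash string used in demo() are constructed.

# set_olc_rootpw LDIF HASH
# Replaces the olcRootPW attribute with "olcRootPW:: <base64 of HASH>" and
# keeps a copy of the original as LDIF.bak. Returns 1 unless the file has
# exactly one olcRootPW attribute.
set_olc_rootpw() {
    ldif=$1
    hash=$2
    [ -f "$ldif" ] || return 1
    count=$(grep -c '^olcRootPW:' "$ldif" || true)
    [ "$count" -eq 1 ] || return 1

    # Same encoding as step 2: base64 of the hash text, on a single line
    b64=$(printf '%s' "$hash" | base64 | tr -d '\n')
    cp -p "$ldif" "$ldif.bak" || return 1
    tmp=$(mktemp "$ldif.XXXXXX") || return 1

    # "skip" drops the folded continuation lines of the old value
    if awk -v v="$b64" '
        skip && /^ / { next }
        { skip = 0 }
        /^olcRootPW:/ { print "olcRootPW:: " v; skip = 1; next }
        { print }
    ' "$ldif" > "$tmp"; then
        cat "$tmp" > "$ldif"    # overwrite in place: owner and mode are kept
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# read_olc_rootpw LDIF
# Prints the decoded olcRootPW value (the hash text), unfolding continuation
# lines first, so the result can be compared with $NEWPASS.
read_olc_rootpw() {
    awk '
        grab && /^ / { val = val substr($0, 2); next }
        grab { grab = 0 }
        /^olcRootPW:: / { val = substr($0, 13); grab = 1 }
        END { printf "%s", val }
    ' "$1" | base64 -d
}

# demo: run both functions on a constructed LDIF whose old value is folded
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/config.ldif" <<'EOF'
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW:: Q09OU1RSVUNURUQtT0xELVZBTFVFLUNPTlNUUlVDVEVELU9MRC1WQUxVRS1DT05T
 VFJVQ1RFRA==
olcSyncUseSubentry: FALSE
EOF
    set_olc_rootpw "$dir/config.ldif" \
        '{SSHA512}constructed/sample+hash/not-a-real-digest' &&
        read_olc_rootpw "$dir/config.ldif"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Prints the hash read back from the rewritten sample file
demo
echo
```

On a real server the first argument would be the 'olcDatabase={0}config.ldif' path from step 4 and the second the value of $NEWPASS, run while ldap is stopped.<br />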
<br />
<br />
<br />
== Checking if the password updated correctly ==<br />
<br />
Run the following to check each password.<br />
su - zimbra<br />
source ~/bin/zmshutil; zmsetvars<br />
<br />
# Main config user <br />
ldapwhoami -ZZ -x -D cn=config -H ldap://`zmhostname`:389 -w $ldap_root_password<br />
<br />
# Zimbra ldap user <br />
ldapwhoami -ZZ -x -D uid=zimbra,cn=admins,cn=zimbra -H ldap://`zmhostname`:389 -w $zimbra_ldap_password<br />
<br />
# Replication, if using multiple ldap servers<br />
ldapwhoami -ZZ -x -D uid=zmreplica,cn=admins,cn=zimbra -H ldap://`zmhostname`:389 -w $ldap_replication_password<br />
<br />
# Amavis<br />
ldapwhoami -ZZ -x -D uid=zmamavis,cn=appaccts,cn=zimbra -H ldap://`zmhostname`:389 -w $ldap_amavis_password<br />
<br />
# Nginx<br />
ldapwhoami -ZZ -x -D uid=zmnginx,cn=appaccts,cn=zimbra -H ldap://`zmhostname`:389 -w $ldap_nginx_password<br />
<br />
# Postfix<br />
ldapwhoami -ZZ -x -D uid=zmpostfix,cn=appaccts,cn=zimbra -H ldap://`zmhostname`:389 -w $ldap_postfix_password<br />
<br />
On successful auth, the output of the above would be the user's DN from ldap<br />
<br />
# Main config user <br />
dn:cn=config<br />
<br />
# Zimbra ldap user <br />
dn:uid=zimbra,cn=admins,cn=zimbra<br />
<br />
# Replication<br />
dn:uid=zmreplica,cn=admins,cn=zimbra<br />
<br />
# Amavis<br />
dn:uid=zmamavis,cn=appaccts,cn=zimbra<br />
<br />
# Nginx<br />
dn:uid=zmnginx,cn=appaccts,cn=zimbra<br />
<br />
# Postfix<br />
dn:uid=zmpostfix,cn=appaccts,cn=zimbra<br />
<br />
<br />
<br />
<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 7,8|06/24/2013}}<br />
<br />
[[Category: Community Sandbox]]<br />
[[Category: Administration]]<br />
[[Category: User Management]]</div>Shanxthttps://wiki.zimbra.com/index.php?title=Mitigate_CVE-2022-27925_on_Nginx&diff=69179Mitigate CVE-2022-27925 on Nginx2022-08-23T13:08:51Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Mitigate CVE-2022-27925 on Nginx =<br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|{{ZCS 8.8}}}} <br />
<hr><br />
<br />
====Problem====<br />
<br />
ZCS versions before 8.8.15 Patch 31 and 9.0.0 Patch 24 are vulnerable to "'''CVE-2022-27925'''". <br />
<br />
<br />
Accessing the following URL returns "500 Server Error"; however, the request succeeds on un-patched systems. <br />
<nowiki>curl https://</nowiki><span style="color:red">mail.example.com</span><nowiki>/service/extension/backup/mboximport</nowiki><br />
<br />
&lt;html&gt;<br />
&lt;head&gt;<br />
&lt;meta http-equiv="Content-Type" content="text/html;charset=utf-8"/&gt;<br />
&lt;title&gt;Error 500 Server Error&lt;/title&gt;<br />
&lt;/head&gt;<br />
&lt;body&gt;&lt;h2&gt;HTTP ERROR 500&lt;/h2&gt;<br />
&lt;p&gt;Problem accessing /service/extension/backup/mboximport. Reason:<br />
&lt;pre&gt;Server Error&lt;/pre&gt;&lt;/p&gt;<br />
&lt;/body&gt;<br />
&lt;/html&gt;<br />
<br />
<br />
====Solution====<br />
<br />
To mitigate this, Nginx templates on proxy servers have to be modified. <br />
<br />
<br />
'''1)''' Take a backup of current templates directory '''"/opt/zimbra/conf/nginx/templates"'''.<br />
<br />
sudo cp -pvr /opt/zimbra/conf/nginx/templates /opt/zimbra/conf/nginx/templates.`date +%Y%m%d%H%M%S`.bak <br />
<br />
<br />
<br />
'''2)''' Modify the admin templates by adding the following location block just before the end of the server block. <br />
<br />
'''Admin template files''': <br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.default.template<br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.template<br />
<br />
-------------------<br />
location ^~ /service/extension/backup/mboximport<br />
{<br />
return 404;<br />
}<br />
-------------------<br />
<br />
<br />
<br />
The following screenshots show the entries before and after modification.<br />
<br />
: '''Default entry before modification:'''<br />
: <br />
: [[File:CVE-2022-27925_image1.PNG|1000px]]<br />
<br />
: '''After modification:''' <br />
: <br />
: [[File:CVE-2022-27925_image2.PNG|1000px]]<br />
<br />
<br />
<br />
'''3)''' Now modify the HTTP and HTTPS templates and add the same new location block at the end before the last '''"include"''' line. <br />
<br />
'''HTTP and HTTPS template files:''' <br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template<br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.template<br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template<br />
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.template<br />
<br />
<br />
: '''Default entry before modification:'''<br />
: <br />
: [[File:CVE-2022-27925_image3.PNG|800px]]<br />
<br />
: '''After modification:''' <br />
: <br />
: [[File:CVE-2022-27925_image4.PNG|800px]]<br />
<br />
<br />
<br />
'''4)''' Restart Proxy and Memcache services. <br />
<br />
su - zimbra<br />
zmproxyctl restart<br />
zmmemcachedctl restart <br />
<br />
<br />
<br />
'''5)''' After applying these changes, requests for mboximport return a 404 error. <br />
<br />
<nowiki>curl https://</nowiki><span style="color:red">mail.example.com</span><nowiki>/service/extension/backup/mboximport</nowiki><br />
<br />
&lt;html&gt;<br />
&lt;head&gt; &lt;title&gt;404 Not Found&lt;/title&gt; &lt;/head&gt;<br />
&lt;body&gt;<br />
&lt;center&gt;&lt;h1&gt;404 Not Found&lt;/h1&gt;&lt;/center&gt;<br />
&lt;hr&gt;&lt;center&gt;nginx&lt;/center&gt;<br />
&lt;/body&gt;<br />
&lt;/html&gt;<br />
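<br />
A check that every template named in steps 2 and 3 carries the new location block, as an added example that is not part of the original article. It inspects the template files only, not the configuration generated from them, and the function names are hypothetical.<br />

```shell
#!/bin/sh
# Added example, not Zimbra's own tooling. Function names are hypothetical.
# Lists the proxy templates that do not contain an uncommented
#   location ^~ /service/extension/backup/mboximport { return 404; }
# block, so a missed file is caught before the proxy is restarted.

# The six template file names from steps 2 and 3
TEMPLATES="nginx.conf.web.admin.default.template
nginx.conf.web.admin.template
nginx.conf.web.http.default.template
nginx.conf.web.http.template
nginx.conf.web.https.default.template
nginx.conf.web.https.template"

# has_mboximport_block FILE
# Exit status 0 if FILE has the location block with "return 404;" inside it.
# Lines where the directive is commented out with '#' do not count.
has_mboximport_block() {
    awk '
        /^[ \t]*location[ \t]+\^~[ \t]+\/service\/extension\/backup\/mboximport([ \t{]|$)/ { inblk = 1 }
        inblk && /^[^#]*return[ \t]+404[ \t]*;/ { found = 1 }
        inblk && /[}]/ { inblk = 0 }
        END { exit !found }
    ' "$1"
}

# missing_mboximport_block [DIR]
# Prints one line per template that is absent or lacks the block.
# Empty output means all six templates are covered.
missing_mboximport_block() {
    dir=${1:-/opt/zimbra/conf/nginx/templates}
    for t in $TEMPLATES; do
        if [ ! -f "$dir/$t" ]; then
            echo "$t: not found"
        elif ! has_mboximport_block "$dir/$t"; then
            echo "$t: block missing"
        fi
    done
}

# Check the directory given as the first argument, or the default path
missing_mboximport_block "${1:-/opt/zimbra/conf/nginx/templates}"
```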
<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Heera Singh Koranga<br />
|}<br />
<br />
{{Article Footer||}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69087Current Known Issues ZCS92022-06-29T12:52:54Z<p>Shanxt: /* Current known issues with ZCS 9.0 patch 25 */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on ZCS 9.0= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
<br />
'''Summary of the issue:''' Using the Org Chart in ZWC may cause the webclient to freeze<br />
<br />
'''Bug number:''' ZBUG-2853<br />
<br />
'''Description:''' Performing actions such as clicking on a checkbox or minimizing a branch may cause the client to freeze.<br />
<br />
'''Workaround:''' NA<br />
<br />
----<br />
<br />
====Fixed in the latest packages for patch 25====<br />
<br />
The following bugs have been fixed in the latest packages, but are included here in case someone is still on the old package. <br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' <s>ZBUG-2837</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the ldap server wget these two files for the respective versions in /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' <s>ZBUG-2831</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in clients such as Outlook, Thunderbird, etc. <br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add below statement on line no 41.<br />
<Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' <s>ZZBUG-2833</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When zimlets are redeployed on the server, then zimlets are disabled on the customer COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' <s>ZBUG-2834</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' <s>ZBUG-2835</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and update line no 195 and change value to info from debug.<br />
<br />
2. Update line no 210 and remove SLOGGER from statement.<br />
<br />
3. Restart mailbox after this<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions: <br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69086Current Known Issues ZCS92022-06-29T12:52:34Z<p>Shanxt: /* Current known issues with ZCS 9.0 patch 25 */ - ZBUG-2853 - Org Chart freezes ZWC</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on ZCS 9.0= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
----<br />
<br />
'''Summary of the issue:''' Using the Org Chart in ZWC may cause the webclient to freeze<br />
<br />
'''Bug number:''' ZBUG-2853<br />
<br />
'''Description:''' Performing actions such as clicking on a checkbox or minimizing a branch may cause the client to freeze.<br />
<br />
'''Workaround:''' NA<br />
<br />
====Fixed in the latest packages for patch 25====<br />
<br />
The following bugs have been fixed in the latest packages, but are included here in case someone is still on the old package. <br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' <s>ZBUG-2837</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the ldap server wget these two files for the respective versions in /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' <s>ZBUG-2831</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in clients such as Outlook, Thunderbird, etc. <br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add below statement on line no 41.<br />
<Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' <s>ZZBUG-2833</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When zimlets are redeployed on the server, then zimlets are disabled on the customer COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' <s>ZBUG-2834</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' <s>ZBUG-2835</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and update line no 195 and change value to info from debug.<br />
<br />
2. Update line no 210 and remove SLOGGER from statement.<br />
<br />
3. Restart mailbox after this<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions: <br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues&diff=69085Current Known Issues2022-06-29T12:37:41Z<p>Shanxt: Patch32</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on 8.8.15= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 8.8}}|}} <br />
<br />
==Current known issues with ZCS 8.8.15 patch 32==<br />
<br />
----<br />
====Fixed in the latest packages for patch 32====<br />
<br />
The following bugs have been fixed in the latest packages, but are included here in case someone is still on the old package. <br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' <s>ZBUG-2837</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the ldap server wget these two files for the respective versions in /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/8.8.15.p32/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/8.8.15.p32/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' <s>ZBUG-2831</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in clients such as Outlook, Thunderbird, etc. <br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add below statement on line no 41.<br />
<Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' <s>ZBUG-2833</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When zimlets are redeployed on the server, then zimlets are disabled on the customer COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' <s>ZBUG-2834</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
----<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-32 on ZCS-8.8.15 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' <s>ZBUG-2835</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch-32 on ZCS-8.8.15. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and update line no 195 and change value to info from debug.<br />
<br />
2. Update line no 210 and remove SLOGGER from statement.<br />
<br />
3. Restart mailbox after this<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions: <br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69084Current Known Issues ZCS92022-06-29T12:28:58Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on ZCS 9.0= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
----<br />
<br />
====Fixed in the latest packages for patch 25====<br />
<br />
The following bugs have been fixed in the latest packages, but are included here in case someone is still on the old package. <br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' <s>ZBUG-2837</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the ldap server wget these two files for the respective versions in /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' <s>ZBUG-2831</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in clients such as Outlook, Thunderbird, etc. <br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add below statement on line no 41.<br />
<Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' <s>ZZBUG-2833</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When zimlets are redeployed on the server, then zimlets are disabled on the customer COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' <s>ZBUG-2834</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' <s>ZBUG-2835</s> Fixed in the latest patch packages.<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and update line no 195 and change value to info from debug.<br />
<br />
2. Update line no 210 and remove SLOGGER from statement.<br />
<br />
3. Restart mailbox after this<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update the zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.<br />
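To find where weak encryption types are enabled or still listed, a krb5 configuration can be scanned as below. This is an added example, not part of the Zimbra documentation; the function name and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example: report weak-crypto settings in the [libdefaults] section
# of a krb5 configuration read from stdin.

# Constructed sample configuration (not taken from a real server).
SAMPLE_KRB5='[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }'

# krb5_weak_findings < FILE
# Prints one line per finding, with the line number it was found on.
# Prints nothing when the section is clean.
krb5_weak_findings() {
    awk '
        # Skip comment lines so a commented-out setting is not reported
        /^[ \t]*[#;]/ { next }

        # Track the current [section]
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }

        section == "libdefaults" {
            line = tolower($0)
            # The switch that re-enables 3DES and RC4
            if (line ~ /allow_weak_crypto[ \t]*=[ \t]*(true|yes|on|1)/)
                print "allow_weak_crypto line " NR
            # An enctype list that still names a DES, 3DES or RC4 type
            if (line ~ /enctypes[ \t]*=/ && line ~ /(des3|des-|rc4|arcfour)/)
                print "weak_enctype line " NR
        }
    '
}

# Usage against the file named on this page:
#   krb5_weak_findings < /opt/zimbra/jetty_base/etc/krb5.ini.in
```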
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Follow the instructions below:<br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69074Current Known Issues ZCS92022-06-17T19:41:30Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on ZCS 9.0= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
----<br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' ZBUG-2837<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the LDAP server, use wget to download these two files for the respective versions into /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
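One way to carry out step 2 without losing the original files' ownership or execute bit, as an added example (not Zimbra's own tooling); the function name replace_with_backup is hypothetical:

```shell
#!/bin/sh
# Added example: back up a file, then replace its contents in place.

# replace_with_backup NEW TARGET
# Prints the backup path on success. Returns non-zero and leaves TARGET
# untouched if NEW is missing or empty, or if the backup cannot be written.
replace_with_backup() {
    new=$1
    target=$2

    # A failed wget can leave an empty file behind; never install that
    [ -s "$new" ] || { echo "refusing: $new is missing or empty" >&2; return 1; }
    [ -f "$target" ] || { echo "refusing: $target does not exist" >&2; return 1; }

    # Timestamped name so repeated runs never overwrite an older backup
    backup="$target.bak.$(date +%Y%m%d%H%M%S)"
    # -p keeps mode, owner and timestamps on the backup copy
    cp -p "$target" "$backup" || return 1

    # Overwrite the contents instead of moving the download into place:
    # the existing file keeps its owner and its execute bit, which a
    # file freshly saved by wget does not have.
    cat "$new" > "$target" || return 1

    # Confirm the installed file is byte-identical to the download
    cmp -s "$new" "$target" || { echo "verify failed: $target" >&2; return 1; }
    printf '%s\n' "$backup"
}

# Usage with the paths from the steps above, run as a user allowed to
# write both targets, followed by the restart in step 3:
#   replace_with_backup /tmp/zmconfigd   /opt/zimbra/libexec/zmconfigd
#   replace_with_backup /tmp/commands.py /opt/zimbra/common/lib/jylibs/commands.py
```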
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' ZBUG-2831<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in a client such as Outlook, Thunderbird etc.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line 41.<br />
 <Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' ZBUG-2833 <br />
<br />
'''Description:''' When zimlets are redeployed on the server, the zimlets are disabled on the custom COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' ZBUG-2834 <br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' ZBUG-2835<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and, on line 195, change the value from debug to info.<br />
2. On line 210, remove SLOGGER from the statement.<br />
3. Restart mailbox after this.<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update the zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Follow the instructions below:<br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues&diff=69073Current Known Issues2022-06-17T19:41:10Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on 8.8.15= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 8.8}}|}} <br />
<br />
==Current known issues with ZCS 8.8.15 patch 32==<br />
<br />
----<br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' ZBUG-2837<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the LDAP server, use wget to download these two files for the respective versions into /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' ZBUG-2831<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in a client such as Outlook, Thunderbird etc.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line 41.<br />
 <Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' ZBUG-2833 <br />
<br />
'''Description:''' When zimlets are redeployed on the server, the zimlets are disabled on the custom COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' ZBUG-2834 <br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
----<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-32 on ZCS-8.8.15 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' ZBUG-2835<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch-32 on ZCS-8.8.15. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and, on line 195, change the value from debug to info.<br />
2. On line 210, remove SLOGGER from the statement.<br />
3. Restart mailbox after this.<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update the zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Follow the instructions below:<br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69072Current Known Issues ZCS92022-06-17T19:40:14Z<p>Shanxt: /* Current Known Issues */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues on ZCS 9.0= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' ZBUG-2837<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the LDAP server, use wget to download these two files for the respective versions into /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' ZBUG-2831<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in a client such as Outlook, Thunderbird etc.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line 41.<br />
 <Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' ZBUG-2833 <br />
<br />
'''Description:''' When zimlets are redeployed on the server, the zimlets are disabled on the custom COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' ZBUG-2834 <br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' ZBUG-2835<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and, on line 195, change the value from debug to info.<br />
2. On line 210, remove SLOGGER from the statement.<br />
3. Restart mailbox after this.<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update the zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Follow the instructions below:<br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Current_Known_Issues_ZCS9&diff=69071Current Known Issues ZCS92022-06-17T19:39:44Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Current Known Issues= <br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 9.0}}|}} <br />
<br />
==Current known issues with ZCS 9.0 patch 25==<br />
<br />
<br />
'''Summary of the issue:''' zmconfigd is failing for ldap-only nodes. <br />
<br />
'''Bug number:''' ZBUG-2837<br />
<br />
'''Description:''' zmconfigd is failing for ldap-only nodes.<br />
<br />
'''Workaround:''' Apply the given workaround<br />
<br />
1. On the LDAP server, use wget to download these two files for the respective versions into /tmp/:<br />
<br />
wget https://raw.githubusercontent.com/Zimbra/zm-core-utils/9.0.0.p25/src/libexec/zmconfigd<br />
wget https://raw.githubusercontent.com/Zimbra/zm-jython/9.0.0.p25/jylibs/commands.py<br />
<br />
2. Take a backup and replace the files in this location:<br />
<br />
/opt/zimbra/common/lib/jylibs/commands.py /opt/zimbra/libexec/zmconfigd<br />
<br />
3. Restart zmconfigd<br />
<br />
----<br />
<br />
'''Summary of the issue:''' SMTP authentication failure with 2FA application passcode<br />
<br />
'''Bug number:''' ZBUG-2831<br />
<br />
'''Description:''' SMTP authentication fails when a 2FA application passcode is configured in a client such as Outlook, Thunderbird etc.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line 41.<br />
 <Set name="forwardedPortAsAuthority">false</Set><br />
2. Restart mailbox after this.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' All Zimlets are disabled from custom COS after redeploying the Zimlets<br />
<br />
'''Bug number:''' ZBUG-2833 <br />
<br />
'''Description:''' When zimlets are redeployed on the server, the zimlets are disabled on the custom COS.<br />
<br />
'''Workaround:''' Those zimlets can be enabled on the custom COS manually.<br />
<br />
----<br />
<br />
'''Summary of the issue:''' No INFO logs while redeploying the Zimlets on the server.<br />
<br />
'''Bug number:''' ZBUG-2834 <br />
<br />
'''Description:''' When a zimlet is deployed on the server, it shows the output but it doesn't show anything on the screen and zimlet gets deployed silently in backend.<br />
<br />
'''Workaround:''' N/A<br />
<br />
<br />
'''Summary of the issue:''' /var/log/syslog filling after applying the patch-25 on ZCS-9 and this leads to the disk space filling up.<br />
<br />
'''Bug number:''' ZBUG-2835<br />
<br />
'''Description:''' /var/log/syslog filling after applying the patch 8.8.15 patch 32. This leads to the disk space filling up.<br />
<br />
'''Workaround:''' The following workaround can be applied on the affected server.<br />
<br />
1. Open /opt/zimbra/conf/log4j.properties.in and, on line 195, change the value from debug to info.<br />
2. On line 210, remove SLOGGER from the statement.<br />
3. Restart mailbox after this.<br />
<br />
<br />
* While deploying zimlets, if the following error is encountered, refer to the patch installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets <br />
<br />
<pre>/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more</pre><br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update the zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.<br />
<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Follow the instructions below:<br />
<br />
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true<br />
<br />
2. Restart mailboxd service:<br />
<br />
<pre>su - zimbra<br />
zmmailboxdctl restart</pre></div>Shanxthttps://wiki.zimbra.com/index.php?title=Saslauth_Failed_(curl_easy_perform_error)&diff=68605Saslauth Failed (curl easy perform error)2021-11-15T13:19:41Z<p>Shanxt: /* Solution */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Saslauth Failed (curl_easy_perform error)= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
IMAP/POP clients get a password pop-up window and are not able to send and receive any e-mails. When using the correct username and password, the following authentication error is observed in the /var/log/zimbra.log file:<br />
<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: auth_zimbra: ztest@xxxxxx.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: do_auth : auth failure: [user=ztest@xxxx.com] [service=smtp] [realm=xxxx.in] [mech=zimbra] [reason=Unknown]<br />
 Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: warning: unknown[10.0.7.162]: SASL LOGIN authentication failed: authentication failure<br />
 Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: lost connection after AUTH from unknown[10.0.7.162]<br />
<br />
====Solution====<br />
Check if any additional forward proxy is enabled (like Nginx or Squid).<br />
<br />
Run the following command to check for an additional proxy:<br />
 # env | grep -i proxy<br />
Run the following command to check saslauth with the mailbox node. The same curl request is made in the backend during saslauth.<br />
 $ curl -X POST -u zimbra.user2@example.com:test@123 -d 'authType=sasl' https://mbox1.example.com:7073/service/admin/soap/ -k<br />
Remove the additional proxy and restart the MTA service to invalidate the old saslauth connection that was established.<br />
$ zmmtactl restart<br />
<br />
<br />
<br />
=====Why does this issue occur?===== <br />
When saslauth happens on the MTA server, it contacts the ZCS saslauthd lookup server on port 7073, which is a mailbox server. If a local forward proxy is configured, the request is handled by that proxy. Since the proxy doesn't know where to forward the request, it returns HTTP 503 and 502 errors.<br />
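The failure described above can be confirmed from the log and from the environment. The shell helpers below are an added example, not part of the original article or of Zimbra's tooling; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saslauthd lookups that were answered by a forward proxy.

# Constructed sample lines in the format shown on this page (not real logs).
SAMPLE_LOG='Nov 28 15:06:57 mbox1 saslauthd[45799]: auth_zimbra: user1@example.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT
Nov 28 15:06:57 mbox1 saslauthd[45799]: do_auth : auth failure: [user=user1@example.com] [service=smtp] [realm=example.com] [mech=zimbra] [reason=Unknown]
Nov 28 15:07:10 mbox1 saslauthd[45799]: auth_zimbra: user2@example.com auth failed: curl_easy_perform: error(56): Received HTTP code 502 from proxy after CONNECT
Nov 28 15:07:31 mbox1 saslauthd[45801]: auth_zimbra: user1@example.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT
Nov 28 15:08:02 mbox1 postfix/smtpd[18938]: warning: unknown[10.0.7.162]: SASL LOGIN authentication failed: authentication failure'

# proxy_blocked_lookups < LOG
# Prints "<http-code> <user> <count>" for every saslauthd lookup that a
# proxy answered, sorted by code and user. Other auth failures are ignored,
# so a wrong password does not show up here.
proxy_blocked_lookups() {
    awk '
        /saslauthd\[[0-9]+\]: auth_zimbra: / && /from proxy after CONNECT/ {
            user = ""; code = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "auth_zimbra:") user = $(i + 1)
                if ($i == "code")         code = $(i + 1)
            }
            if (user != "" && code != "") seen[code " " user]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# proxy_env_report
# Same check as "env | grep -i proxy", limited to the proxy variables and
# with any user:password part of a proxy URL masked, so the output can be
# pasted into a ticket.
proxy_env_report() {
    env | grep -i -E '^(https?|all|no)_proxy=' \
        | sed -E 's#(://)[^/@]*@#\1***@#' \
        | sort
}

# Usage on the MTA node:
#   proxy_blocked_lookups < /var/log/zimbra.log
#   proxy_env_report
```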
<br />
=====How SASL works===== <br />
SASL is not a protocol but a framework that can be used with protocols such as SMTP. For each protocol that uses SASL, there is a specification of how the protocol uses SASL. This means that SASL can be used with a wide range of protocols, and can be adapted to the details of how any specific protocol works.<br />
<br />
The basic operation of SASL is straightforward. The server provides a list of supported authentication mechanisms, and then the client says which one will be used (based on the client’s capabilities and security requirements).<br />
<br />
Protocols that contain SASL support include:<br />
<br />
*LDAP (Internet Standard Lightweight Directory Access Protocol)<br />
*SMTP (Internet Standard Simple Message Transfer Protocol)<br />
*POP3 (Internet Standard Post Office Protocol v3)<br />
*IMAP (Internet Standard Internet Mail Access Protocol)<br />
*XMPP: Extensible Messaging and Presence Protocol<br />
*Isode's SOM (Switch Operations and Management) Protocol<br />
<br />
This [https://www.isode.com/products/sasl.html external link] contains more information about SASL.<br />
<br />
{{SubmittedBy|Gopal Singh Bhandari}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Saslauth_Failed_(curl_easy_perform_error)&diff=68604Saslauth Failed (curl easy perform error)2021-11-15T13:19:06Z<p>Shanxt: /* Solution */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Saslauth Failed (curl_easy_perform error)= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
IMAP/POP clients get a password pop-up window and are not able to send and receive any e-mails. When using the correct username and password, the following authentication error is observed in the /var/log/zimbra.log file:<br />
<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: auth_zimbra: ztest@xxxxxx.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: do_auth : auth failure: [user=ztest@xxxx.com] [service=smtp] [realm=xxxx.in] [mech=zimbra] [reason=Unknown]<br />
 Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: warning: unknown[10.0.7.162]: SASL LOGIN authentication failed: authentication failure<br />
 Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: lost connection after AUTH from unknown[10.0.7.162]<br />
<br />
====Solution====<br />
Check if any additional forward proxy is enabled (like Nginx or Squid).<br />
<br />
Run the following command to check for an additional proxy:<br />
 # env | grep -i proxy<br />
Run the following command to check saslauth with the mailbox node. The same curl request is made in the backend during saslauth.<br />
 $ curl -X POST -u zimbra.user2@example.com:test@123 -d 'authType=sasl' https://mbox1.example.com:7073/service/admin/soap/ -k<br />
Remove the additional proxy and restart the MTA service to invalidate the old saslauth connection that was established.<br />
 $ zmmtactl restart<br />
<br />
<br />
<br />
=====Why does this issue occur?===== <br />
When saslauth happens on the MTA server, it contacts the ZCS saslauthd lookup server on port 7073, which is a mailbox server. If a local forward proxy is configured, the request is handled by that proxy. Since the proxy doesn't know where to forward the request, it returns HTTP 503 and 502 errors.<br />
<br />
=====How SASL works===== <br />
SASL is not a protocol but a framework that can be used with protocols such as SMTP. For each protocol that uses SASL, there is a specification of how the protocol uses SASL. This means that SASL can be used with a wide range of protocols, and can be adapted to the details of how any specific protocol works.<br />
<br />
The basic operation of SASL is straightforward. The server provides a list of supported authentication mechanisms, and then the client says which one will be used (based on the client’s capabilities and security requirements).<br />
<br />
Protocols that contain SASL support include:<br />
<br />
*LDAP (Internet Standard Lightweight Directory Access Protocol)<br />
*SMTP (Internet Standard Simple Message Transfer Protocol)<br />
*POP3 (Internet Standard Post Office Protocol v3)<br />
*IMAP (Internet Standard Internet Mail Access Protocol)<br />
*XMPP: Extensible Messaging and Presence Protocol<br />
*Isode's SOM (Switch Operations and Management) Protocol<br />
<br />
This [https://www.isode.com/products/sasl.html external link] contains more information about SASL.<br />
<br />
{{SubmittedBy|Gopal Singh Bhandari}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=How_to_configure_SMIME_on_Zimbra&diff=68554How to configure SMIME on Zimbra2021-11-03T11:20:42Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to configure S/MIME (in Webmail, ZCO, IMAP, POP and Thunderbird)?= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
====What is S/MIME?====<br />
S/MIME is an acronym for Secure/Multipurpose Internet Mail Extensions. It refers to a type of public-key encryption and signing of MIME data (email messages) to verify a sender’s identity. <br />
<br />
=====S/MIME allows two things:=====<br />
It assures the email recipients that the sender actually sent the email.<br />
<br />
It makes it possible to send and/or receive encrypted email.<br />
<br />
<br />
====How Does S/MIME Work?====<br />
As mentioned above, S/MIME is a type of “end-to-end” encryption solution used for email messages. To be more specific, it uses asymmetric cryptography to protect emails from being read by a third party.<br />
<br />
'''Sign:''' Digitally validate that you are the sender of a message. When signing, you use your private key to write the message's signature, and the recipients use your public key to check that it is really yours. <br />
<br />
'''Encrypt:''' Encrypt the composed message for one or more recipients. When encrypting, you use the recipients' public key to write a message and they use their private key to read it.<br />
<br />
In order to encrypt, you must have previously received a signed message from that user, so that Zimbra has stored the public S/MIME certificate for that other user. A digital ID or digital certificate consists of a public and private key. Your public key is shared with everyone. Your private key is kept private.<br />
<br />
<br />
=====Digital signatures and end-to-end email encryption:=====<br />
A digital signature only requires the sender (the signer) to have cryptographic keys (a private key and a public key). The sender signs the message locally on their device (using the sender’s private key), and the receiver verifies it on their device using the sender’s public key. The process works as follows:<br />
<br />
-- Alice (sender) generates a key pair and shares her public key with Bob (a one-time prerequisite).<br />
-- Alice signs the message using her private key in her device and sends the message to Bob.<br />
-- Bob receives the signed message on his device and verifies the signature using Alice’s public key.<br />
<br />
[[File:Smime1.png]]<br />
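The three steps above, reproduced with the openssl command-line tool as an added example (not part of the original article); the address, the file names and the function smime_demo are constructed, and a self-signed certificate stands in for one issued by a CA.

```shell
#!/bin/sh
# Added example: the Alice/Bob signature flow with the openssl CLI.
# All names, addresses and files are constructed for the demo.

# smime_demo WORKDIR
# Returns 0 only if the untouched message verifies AND a modified copy
# of the same message is rejected.
smime_demo() {
    dir=$1

    # 1. Alice generates a key pair. The self-signed certificate carries
    #    her public key and is what she shares with Bob.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=alice@example.com" \
        -keyout "$dir/alice.key" -out "$dir/alice.crt" 2>/dev/null || return 1

    # 2. Alice signs the message with her private key. The result is a
    #    multipart/signed mail: readable text plus a detached signature.
    printf 'Meet at 10:00.\n' > "$dir/msg.txt"
    openssl smime -sign -text -in "$dir/msg.txt" \
        -signer "$dir/alice.crt" -inkey "$dir/alice.key" \
        -out "$dir/signed.eml" || return 1

    # 3. Bob verifies the signature, trusting only Alice's certificate.
    openssl smime -verify -text -in "$dir/signed.eml" \
        -CAfile "$dir/alice.crt" -out "$dir/verified.txt" 2>/dev/null || return 1

    # 4. The same check on a message altered in transit must fail:
    #    the signature no longer matches the text.
    sed 's/10:00/11:00/' "$dir/signed.eml" > "$dir/tampered.eml"
    if openssl smime -verify -text -in "$dir/tampered.eml" \
        -CAfile "$dir/alice.crt" -out /dev/null 2>/dev/null; then
        echo "tampered message was accepted" >&2
        return 1
    fi
    return 0
}

# Usage:
#   d=$(mktemp -d) && smime_demo "$d" && echo "signature flow OK"
```

Signing does not hide the text: signed.eml is readable by anyone, which is why encryption is a separate step that needs the recipient's certificate.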
<br />
====Enabling S/MIME Email Encryption:====<br />
Enabling S/MIME email encryption differs depending on the Webmail and email application combination in use. Below are a few examples of how to set up S/MIME in different email clients and in Zimbra Webmail.<br />
<br />
=====Enabling S/MIME on Zimbra Webmail:=====<br />
1. This is a licensed feature; a valid S/MIME license (SMIMEAccountsLimit) should be present in the license file.<br />
<br />
2. Get a valid S/MIME certificate from a certificate authority; free S/MIME certificates can be used as well. When creating this certificate, it must exactly match the From: address used when sending email. If there is a mismatch, S/MIME will not work.<br />
<br />
3. Enable this feature at the account level and COS level:<br />
<br />
'''Account level''': Edit account -> Features -> S/MIME features.<br />
'''COS level''': Open admin console -> Configure -> Class of Service -> Cos_name -> Features -> S/MIME features.<br />
<br />
CLI:<br />
$ zmprov ma account@domain.com zimbraFeatureSMIMEEnabled TRUE<br />
$ zmprov mc cos_name zimbraFeatureSMIMEEnabled TRUE<br />
<br />
<br />
4. In Zimbra Web Client, go to '''Preferences -> Zimlets''', and make sure the Zimlet called '''"Secure Email"''' is enabled. The Secure Email Zimlet can be enabled from the COS as well.<br />
5. In Zimbra Web Client, go to '''Preferences -> Security,''' and upload the S/MIME cert.<br />
<br />
Steps:<br />
<br />
[[File:Smime2.png|900px]]<br />
<br />
After upload it should be like this: <br />
<br />
<br />
[[File:Smime3.png]]<br />
<br />
<br />
When composing a signed email, the sender should now see a pull-down box offering "Don't Sign", "Sign" or "Sign and Encrypt". Here, select “Sign”. <br />
<br />
The recipient can see the signed email and certificate details.<br />
<br />
<br />
[[File:Smime4.png|500px]]<br />
<br />
<br />
At the recipient end, you can see the signed email and certificate detail:<br />
<br />
<br />
[[File:Smime5.png]]<br />
<br />
Once a signed email has been sent, the sender's public certificate is added to the contact list; you can now send Sign and Encrypt emails to each other.<br />
<br />
[[File:Smime6.png|500px]]<br />
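<br />
Step 2 above requires the certificate to match the From: address exactly. The following check is an added example, not part of the original article: it assumes the certificate is available as a PEM file and that <code>openssl</code> is installed, and the function names are hypothetical.<br />

```shell
#!/bin/sh
# Added example (not from the Zimbra wiki): check that an S/MIME certificate
# contains the exact From: address before uploading it in Preferences -> Security.
# Assumes a PEM certificate file and an installed openssl binary.

# Print every e-mail address bound to the certificate, one per line
# (subject emailAddress plus subjectAltName rfc822Name entries).
cert_emails() {
    openssl x509 -in "$1" -noout -email
}

# Reduce a From: value such as 'Alice <alice@example.com>' to the bare address.
from_address() {
    printf '%s\n' "$1" |
        sed -e 's/.*<\([^>]*\)>.*/\1/' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Read certificate addresses on stdin; succeed only on an exact,
# whole-line, case-sensitive match with the From: address given as $1.
address_in_list() {
    grep -Fxq -- "$(from_address "$1")"
}

# check_smime_cert CERT.pem 'From header value'
check_smime_cert() {
    if cert_emails "$1" | address_in_list "$2"; then
        echo "OK: certificate covers $(from_address "$2")"
    else
        echo "MISMATCH: $(from_address "$2") is not in the certificate, which lists:" >&2
        cert_emails "$1" | sed 's/^/  /' >&2
        return 1
    fi
}

# Run only when called with arguments, e.g.:
#   sh check_smime.sh cert.pem 'Alice <alice@example.com>'
if [ "$#" -eq 2 ]; then
    check_smime_cert "$1" "$2"
fi
```

A certificate delivered as a PKCS#12 file can first be exported to PEM with <code>openssl pkcs12 -in file.p12 -clcerts -nokeys -out cert.pem</code>.<br />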
<br />
<br />
=====Enabling S/MIME in (ZCO,IMAP/POP) outlook:=====<br />
1. Configure a new ZCO profile and configure an account in Outlook.<br />
<br />
2. After completing the ZCO profile, open the account and go to '''File -> Options -> Trust Center -> Trust Center Settings -> Email Security -> Import/Export'''<br />
<br />
[[File:Smime7.png]]<br />
<br />
A new window will open; browse to the certificate file and enter the password.<br />
<br />
[[File:Smime8.png]]<br />
<br />
Now, enter the name of the certificate and check the settings as per the screenshot:<br />
<br />
[[File:Smime9.png]]<br />
<br />
Compose an e-mail in Outlook and you will see the “sign” and “encrypt” options in the Options tab:<br />
<br />
[[File:Smime10.png]]<br />
<br />
'''Note:''' Outlook saves the sender's public certificate in the local Outlook contact list, but it does not save it automatically when someone sends a “Sign” e-mail. The user needs to save it manually.<br />
<br />
'''Steps to add contact in local outlook contact list.'''<br />
<br />
1) Open the signed e-mail message<br />
<br />
2) Right-click on the sender's name<br />
<br />
3) Select Add to Outlook Contacts<br />
<br />
4) If the sender is not yet in the Contacts address book, a Contact window will appear. Enter any information you want to include.<br />
<br />
5) Click Save and Close. This automatically adds the sender's Digital ID to local Contact address book.<br />
<br />
6) If the sender is already in local Contacts address book, a dialog box will appear stating that a duplicate contact is detected. Click OK to update new information from this contact to the existing one.<br />
<br />
Once you have saved the contact, it will sync with webmail as well, and you can now send a Sign and Encrypt email to the sender. If the contact is not saved, you will get an error when you try to send the encrypted email.<br />
<br />
You can see the saved certificate information in contact:<br />
<br />
[[File:Smime11.png|900px]]<br />
<br />
The steps to add a certificate and compose an email are the same for an IMAP/POP account in Outlook, except that the local contact will not sync with webmail.<br />
<br />
<br />
=====Enabling S/MIME in Thunderbird e-mail client:=====<br />
1. Go to '''Options -> Certificates -> Manage Certificates -> Import'''.<br />
Import the certificate here, then click '''Ok.'''<br />
<br />
[[File:Smime12.png|900px]]<br />
<br />
2. Now go to '''Account Settings -> Security -> Digital Signing''' and select the certificate.<br />
<br />
[[File:Smime13.png|900px]]<br />
<br />
3. You can now try composing a digitally signed or encrypted e-mail.<br />
<br />
[[File:Smime14.png]]</div>Shanxthttps://wiki.zimbra.com/index.php?title=How_to_move_a_distribution_list_from_one_mailbox_server_to_another&diff=68553How to move a distribution list from one mailbox server to another2021-11-03T11:18:21Z<p>Shanxt: </p>
<hr />
<div>__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to move a distribution list from one mailbox server to another?=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 9.0}}}}<br />
<hr><br />
<br />
====Problem====<br />
In a multi-server environment, how do you move a distribution list from one mailbox server to another?<br />
<br />
<br />
====Solution====<br />
<br />
In the example below, <code>test@example.com</code> is moved from mailbox server <code>example.com</code> to <code>example2.com</code>.<br />
<br />
'''1)''' Check the current value of the attribute zimbraMailHost for the DL<br />
<br />
<pre><br />
$ zmprov gdl test@example.com | grep zimbraMailHost<br />
</pre><br />
The above command returns output like the following:<br />
<pre><br />
zimbraMailHost: example.com<br />
</pre><br />
<br />
'''2)''' To move a distribution list, set zimbraMailHost to the new mailbox server's hostname<br />
<pre><br />
zmprov mdl test@example.com zimbraMailHost example2.com<br />
</pre><br />
<br />
'''3)''' Then flush the server cache<br />
<pre><br />
zmprov fc all<br />
</pre><br />
<br />
<br />
<br />
{{SubmittedBy|Vivek Dhande}}<br />
<br />
{{Article Footer|ZCS 9.0|2021-06-04}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Verbose_logging_for_specific_SMTP_connections&diff=68552Verbose logging for specific SMTP connections2021-11-03T11:17:20Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Verbose logging for specific SMTP connections=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|}}<br />
<hr><br />
<br />
==Problem==<br />
How to enable Postfix debug logging for a particular client or sender server? <br />
<br />
<br />
==Solution==<br />
<br />
To debug SMTP connections from a specific client or sender server, we need to configure the parameters <code>debug_peer_level</code> and <code>debug_peer_list</code>.<br />
<br />
'''1)''' Increase debug level. (default: 2) <br />
postconf -e debug_peer_level=6 <br />
<br />
<br />
'''2)''' Add the sender's IP address, hostname, or domain name to debug_peer_list.<br />
postconf -e debug_peer_list='192.168.0.124,example.com' <br />
<br />
'''Note:''' We can define one or more IP addresses, domains, or net/masks. White spaces are not allowed between the values. <br />
<br />
<br />
'''3)''' Reload postfix to make the change effective immediately. <br />
postfix reload<br />
<br />
<br />
'''4)''' Now check log file "<code>/var/log/zimbra.log</code>". <br />
<br />
<br />
Once troubleshooting is done, disable debug logging:<br />
postconf debug_peer_list="" <br />
postfix reload<br />
<br />
<br />
==Additional information==<br />
http://www.postfix.org/DEBUG_README.html <br />
<br />
http://www.postfix.org/postconf.5.html#debug_peer_level<br />
<br />
http://www.postfix.org/postconf.5.html#debug_peer_list<br />
<br />
<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Heera Singh Koranga<br />
|}<br />
{{Article Footer|ZCS 9.0,8.8.15|2021-05-24}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=How_To_Increase_SMTP_Debug_Logging_-_MTA&diff=68551How To Increase SMTP Debug Logging - MTA2021-11-03T11:16:40Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How To Increase SMTP Debug Logging - MTA=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<hr><br />
==Purpose==<br />
How To Increase SMTP Debug Logging - MTA<br />
<br />
==Resolution==<br />
<br />
'''1)''' You can do this by modifying master.cf.in.<br />
:'''On ZCS v8.6 and older:''' Modify <code>"/opt/zimbra/postfix/conf/master.cf.in"</code>, go to the smtpd line and add -vv at the end of the line<br />
smtp inet n - n - - smtpd -vv <br />
<br />
<br />
:'''On ZCS v8.7.x and above:''' Modify <code>"/opt/zimbra/common/conf/master.cf.in"</code>, go to the postscreen and smtpd lines and add -vv at the end of each line<br />
<br />
smtp inet n - n - 1 postscreen -vv<br />
...<br />
smtpd pass - - n - - smtpd -vv<br />
...<br />
smtp unix - - n - - smtp -vv<br />
...<br />
465 inet n - n - - smtpd -vv <br />
...<br />
submission inet n - n - - smtpd -vv<br />
<br />
To diagnose mail delivery problems we can enable verbose logging for each delivery agent (cleanup, qmgr, lmtp, local, pipe, smtp, virtual, etc.).<br />
<br />
<br />
'''2)''' Restart the MTA service. <br />
zmmtactl restart <br />
<br />
<br />
'''3)''' Check log file "/var/log/zimbra.log" <br />
<br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 9.0, 8.8, 8.7, 8.6|04/26/2015}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=How_to_create_a_contact_group_from_CLI&diff=68550How to create a contact group from CLI2021-11-03T11:15:34Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to create contact and contact group from CLI using Zmsoap command?= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
How to create contact and contact group from CLI using Zmsoap command and add local contact and GAL contact in the contact group?<br />
<br />
====Solution====<br />
====Create a local contact through the Zmsoap command.====<br />
<br />
Create the SOAP XML file /tmp/createcontact.xml as per the Zimbra SOAP API, add the following lines to it, and save it:<br />
<br />
<CreateContactRequest xmlns="urn:zimbraMail"><br />
<cn l="7"><br />
<a n="firstName">Test</a><br />
<a n="lastName">Test</a><br />
<a n="homeStreet">Test street</a><br />
<a n="mobilePhone">8000062359</a><br />
<a n="fullName">Test, Test</a><br />
<a n="email">test@gmail.com</a><br />
</cn><br />
</CreateContactRequest><br />
<br />
Run the command below to create a local contact:<br />
 $ zmsoap -v -z -m user@domain.com -f /tmp/createcontact.xml<br />
<br />
====Create a contact group through Zmsoap.====<br />
<br />
Create the SOAP XML file /tmp/createcontact_group.xml as per the Zimbra SOAP API, add the following lines to it, and save it:<br />
<br />
<CreateContactRequest xmlns="urn:zimbraMail"><br />
<cn l="7"><br />
<a n="fileAs">8:testgroup</a><br />
<a n="nickname">testgroup</a><br />
<a n="type">group</a><br />
<a n="fullName">testgroup</a><br />
</cn><br />
</CreateContactRequest><br />
<br />
Run the command below to create a contact group:<br />
 $ zmsoap -v -z -m user@domain.com -f /tmp/createcontact_group.xml<br />
<br />
====Add the local contact in contact group.====<br />
 $ zmsoap -v -z -m user@domain.com ModifyContactRequest/cn @id=group_id m/@op="+" @type="C" @value="contact_id"<br />
<br />
Here "group_id" is contact group ID and "contact_id" is the local contact ID.<br />
<br />
Run the following command to get group_id and contact_id:<br />
 $ zmmailbox -z -m user@domain.com gact >/tmp/getall_contact.txt<br />
<br />
Both group_id and contact_id can be found in this file /tmp/getall_contact.txt.<br />
<br />
====Add the GAL contact in contact group.====<br />
 $ zmsoap -v -z -m test2@domain.com ModifyContactRequest/cn @id=group_id m/@op="+" @type="G" @value="uid=Gopal,ou=people,dc=domain,dc=com"<br />
<br />
Here "group_id" is the contact group ID and "uid=Gopal,ou=people,dc=domain,dc=com" is the GAL contact that needs to be added to the contact group.<br />
<br />
The contact gopal@domain.com is saved in LDAP in the format "uid=Gopal,ou=people,dc=domain,dc=com"; replace the UID with the actual contact name and domain.<br />
<br />
For more reference : Zimbra SOAP API [https://wiki.zimbra.com/wiki/SOAP_API_Reference_Material_Beginning_with_ZCS_8 external link]<br />
<br />
{{SubmittedBy|Gopal Singh Bhandari}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-07-10}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Delete_emailed_contact&diff=68549Delete emailed contact2021-11-03T11:14:44Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to delete emailed contact using CLI?= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
* Remove any wrong emailed contact from a user's account.<br />
<br />
====Solution====<br />
* Search for the emailed contact that needs to be deleted using the command below<br />
<pre><br />
$ zmmailbox -z -m account@example.com gact -f "Emailed Contacts" |grep -i user@example.com<br />
<br />
Id: 3142<br />
Folder: /Emailed Contacts<br />
Date: 03/31/20 16:53<br />
Revision: 25933<br />
Attrs:<br />
firstName: admin<br />
email: user@example.com<br />
<br />
</pre> <br />
<br />
Note the "Id" from the above command's output; it is needed in the next step to remove the emailed contact. In the above example, the Id is "3142".<br />
<br />
* Delete the emailed contact using the CLI by copying the above-mentioned "Id" into the command below<br />
<pre><br />
$ zmmailbox -z -m account@example.com dct 3142<br />
</pre><br />
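<br />
Before deleting, it helps to select the Id by an exact attribute match, because a substring search for <code>user@example.com</code> also hits addresses such as <code>other.user@example.com</code>. The following is an added example, not part of the original article: it assumes <code>gact</code> output in the record layout shown above, the function names are hypothetical, and the sample records are constructed (only Id 3142 comes from the article). The same lookup by <code>nickname</code> finds the group_id needed in the contact group article.<br />

```shell
#!/bin/sh
# Added example (not from the Zimbra wiki): pick contact Ids out of
# `zmmailbox gact` output by exact attribute value instead of a substring grep.
# Assumes the "Id: / Folder: / ... / Attrs:" record layout shown in the article.

# contact_ids_by_attr ATTR VALUE   (reads gact output on stdin)
# Prints the Id of every record whose ATTR equals VALUE (case-insensitive).
contact_ids_by_attr() {
    awk -v attr="$1" -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # attributes are indented under "Attrs:"
            pos = index(line, ":")
            if (pos == 0) next                   # blank line or no key/value pair
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim the value
            if (key == "Id") { id = val; next }  # a new contact record starts here
            if (key == attr && tolower(val) == want) print id
        }
    '
}

# Constructed sample in the article output format; Ids 3150 and 3200 are made up.
sample_gact_output() {
    cat <<'EOF'
Id: 3142
Folder: /Emailed Contacts
Date: 03/31/20 16:53
Revision: 25933
Attrs:
  firstName: admin
  email: user@example.com

Id: 3150
Folder: /Emailed Contacts
Date: 04/02/20 09:10
Revision: 25990
Attrs:
  email: other.user@example.com

Id: 3200
Folder: /Contacts
Date: 04/03/20 11:00
Revision: 26001
Attrs:
  fileAs: 8:testgroup
  nickname: testgroup
  type: group
  fullName: testgroup
EOF
}

# Run only when called with arguments, e.g.:
#   zmmailbox -z -m account@example.com gact -f "Emailed Contacts" | sh find_contact.sh email user@example.com
if [ "$#" -eq 2 ]; then
    contact_ids_by_attr "$1" "$2"
fi
```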
<br />
<br />
<br />
<br />
{{SubmittedBy|Vivek Dhande}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-05-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Limit_number_of_accounts_for_domain&diff=68548Limit number of accounts for domain2021-11-03T11:13:35Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to limit number of accounts to be created in a domain= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
* Restrict the number of accounts to be created for a domain.<br />
* How to define maximum accounts allowed in a domain.<br />
<br />
<br />
====Solution====<br />
The domain-level attribute <code>zimbraDomainMaxAccounts</code> limits the number of accounts that can be created for a domain. By default, no limit is set on the domain.<br />
<pre><br />
zimbraDomainMaxAccounts<br />
maximum number of accounts allowed in a domain<br />
<br />
type : integer<br />
value : <br />
callback : <br />
immutable : false<br />
cardinality : single<br />
requiredIn : <br />
optionalIn : domain<br />
flags : <br />
defaults : <br />
min : 0<br />
max : <br />
id : 400<br />
requiresRestart : <br />
since : <br />
deprecatedSince : <br />
<br />
</pre><br />
<br />
To set or change the <code>zimbraDomainMaxAccounts</code> attribute, use the command below:<br />
<pre><br />
su - zimbra<br />
zmprov md <domain_name> zimbraDomainMaxAccounts <value><br />
</pre><br />
<br />
{{SubmittedBy|Vivek Dhande}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-05-17}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Admin_console_blank&diff=68547Admin console blank2021-11-03T11:12:32Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Admin console page is not loading.= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
====Problem====<br />
* The admin console page is blank.<br />
[[File:admin_console_blank.png|800px|middle]]<br />
<br />
====Solution====<br />
<br />
=====Scenario 1 : Corruption of <code>ZaMsg.properties</code> file. =====<br />
<br />
* To confirm whether the problem is caused by corruption of the ZaMsg.properties file, search for the error below in the web browser console logs:<br />
<pre><br />
For Chrome: Check the "inspect element" in the console section.<br />
For firefox: Check "web console" in the console section.<br />
</pre><br />
<br />
It will show an error similar to the one below:<br />
<pre><br />
TypeError: ZaMsg.never is undefined<br />
</pre><br />
<br />
* If an error similar to the one above is found, the ZaMsg.properties file on the Zimbra server may be corrupted.<br />
<pre><br />
/opt/zimbra/jetty/webapps/zimbraAdmin/WEB-INF/classes/messages/ZaMsg.properties<br />
</pre><br />
<br />
* To fix this issue, take a backup of the current <code>ZaMsg.properties</code> file and then copy this file from any other working ZCS server, or from any other working mailbox server (in a multi-server environment), that is on the same version and patch as the affected ZCS server.<br />
<br />
* Once this file is copied to the affected server, set the correct ownership and permissions as below:<br />
<pre><br />
cd /opt/zimbra/jetty/webapps/zimbraAdmin/WEB-INF/classes/messages<br />
chmod 664 ZaMsg.properties<br />
chown zimbra:zimbra ZaMsg.properties<br />
</pre><br />
<br />
* Clear the ZCS server cache:<br />
<pre><br />
zmprov fc all<br />
</pre><br />
<br />
* Clear browser cache and try to load the admin console page again.<br />
<br />
<br />
{{SubmittedBy|Vivek Dhande}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-05-22}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Steps_to_make_AdminConsole_Proxy_URL_Port_9071_Link_Accessible_from_Webclient&diff=68546Steps to make AdminConsole Proxy URL Port 9071 Link Accessible from Webclient2021-11-03T11:10:42Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= How to make admin console accessible from ZWC for admin accounts = <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.7}}||||}} <br />
<br />
<br />
====Problem====<br />
Admin Console link on webclient for Admin accounts is broken. <br />
<br />
====Solution====<br />
By default, the "Admin Console" link on the webclient redirects to port 7071.<br />
If Zimbra proxy is configured and the AdminConsole port is set to 9071, set the attribute "zimbraWebClientAdminReference" to the correct admin URL and port:<br />
<br />
su - zimbra<br />
zmprov mcf zimbraWebClientAdminReference "https://mail.example.com:9071"<br />
zmprov fc -a all<br />
<br />
After running the above commands, open the admin console link and verify the URL redirection.<br />
If it still does not redirect to port 9071, clear the cache on all servers using "zmprov fc -a all" or restart the mailbox service on all mailbox servers, and then check the admin console link again.<br />
<br />
<br />
{{Article Footer|ZCS 8.7|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Steps_to_make_AdminConsole_Proxy_URL_Port_9071_Link_Accessible_from_Webclient&diff=68545Steps to make AdminConsole Proxy URL Port 9071 Link Accessible from Webclient2021-11-03T11:10:20Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= How to make admin console accessible from ZWC for admin accounts = <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.7}}||||}} <br />
{{WIP}} <br />
<br />
<br />
====Problem====<br />
Admin Console link on webclient for Admin accounts is broken. <br />
<br />
====Solution====<br />
By default, the "Admin Console" link on the webclient redirects to port 7071.<br />
If Zimbra proxy is configured and the AdminConsole port is set to 9071, set the attribute "zimbraWebClientAdminReference" to the correct admin URL and port:<br />
<br />
su - zimbra<br />
zmprov mcf zimbraWebClientAdminReference "https://mail.example.com:9071"<br />
zmprov fc -a all<br />
<br />
After running the above commands, open the admin console link and verify the URL redirection.<br />
If it still does not redirect to port 9071, clear the cache on all servers using "zmprov fc -a all" or restart the mailbox service on all mailbox servers, and then check the admin console link again.<br />
<br />
<br />
{{Article Footer|ZCS 8.7|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=External_auth_IP_address_change&diff=68544External auth IP address change2021-11-03T11:08:46Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=External auth IP address change= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.7}}||||}} <br />
<br />
<br />
<br />
<br />
====Problem====<br />
When using external authentication and the IP address of the external LDAP server changes, what changes are needed on ZCS?<br />
<br />
====Solution==== <br />
Any change to the external LDAP IP address should be made from the Admin console.<br />
Go to the domain for which external auth has been enabled and whose LDAP IP address has changed, right-click it, select Configure Authentication, and change to the new IP address.<br />
The change should then take effect.<br />
<br />
<br />
{{SubmittedBy| Aarti Shah}}<br />
<br />
{{Article Footer|ZCS 8.7|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Zimbra_NG_Blob_Check&diff=68543Zimbra NG Blob Check2021-11-03T11:07:40Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Local Failure Notice in Zimbra Connector for Outlook=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
While removing missing blobs with the "zmblobchk" command on the server, the following error message is observed:<br />
<br />
"invalid request: org.openzal.zal.extension.InternalOverrideStoreManager is not supported".<br />
<br />
====Solution====<br />
From ZCS 8.8.x, Zimbra has introduced NG modules, which include the HSM NG module; it also replaces the legacy 'zmblobchk' functionality used to check the consistency of the blob store. To avoid the error, use the following command line options with the HSM NG module:<br />
<br />
=====Command line options=====<br />
* Run the following command to check the blobs.<br />
<br />
zxsuite hsm doCheckBlobs start<br />
<br />
* Perform a BLOB coherency check on volumes 1 and 3<br />
<br />
zxsuite hsm doCheckBlobs start volume_ids 1,3<br />
<br />
* Perform a BLOB coherency check on mailboxes 2,9 and 27<br />
<br />
zxsuite hsm doCheckBlobs start mailbox_ids 2,9,27<br />
<br />
* Unrestorable missing blobs should be removed from the store using the following command:<br />
<br />
zxsuite hsm doCheckBlobs start missing_blob_delete_item true<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Sandesh Satam<br />
|}<br />
<br />
{{Article Footer|ZCS 8.8 |2020-04-11}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Zimbra_NG_Blob_Check&diff=68542Zimbra NG Blob Check2021-11-03T11:07:11Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Local Failure Notice in Zimbra Connector for Outlook=<br />
<hr><br />
{{KB|{{WIP}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
While removing missing blobs with the "zmblobchk" command on the server, the following error message is observed:<br />
<br />
"invalid request: org.openzal.zal.extension.InternalOverrideStoreManager is not supported".<br />
<br />
====Solution====<br />
From ZCS 8.8.x, Zimbra has introduced NG modules, which include the HSM NG module; it also replaces the legacy 'zmblobchk' functionality used to check the consistency of the blob store. To avoid the error, use the following command line options with the HSM NG module:<br />
<br />
=====Command line options=====<br />
* Run the following command to check the blobs.<br />
<br />
zxsuite hsm doCheckBlobs start<br />
<br />
* Perform a BLOB coherency check on volumes 1 and 3<br />
<br />
zxsuite hsm doCheckBlobs start volume_ids 1,3<br />
<br />
* Perform a BLOB coherency check on mailboxes 2,9 and 27<br />
<br />
zxsuite hsm doCheckBlobs start mailbox_ids 2,9,27<br />
<br />
* Unrestorable missing blobs should be removed from the store using the following command:<br />
<br />
zxsuite hsm doCheckBlobs start missing_blob_delete_item true<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Sandesh Satam<br />
|}<br />
<br />
{{Article Footer|ZCS 8.8 |2020-04-11}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Local_Failure_Notice_in_Zimbra_Connector_for_Outlook&diff=68541Local Failure Notice in Zimbra Connector for Outlook2021-11-03T11:04:15Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Local Failure Notice in Zimbra Connector for Outlook=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
====Problem====<br />
Local Failure Notice in Zimbra Connector for Outlook.<br />
<br />
Error :<br />
<br />
Subject: Local Failure Notice <br />
Importance: High<br />
This e-mail was generated for technical support purposes.<br />
Sync Type: Initial Sync<br />
Sync Token (before request): 123893<br />
Sync Token (most current): 123895<br />
Store: Zimbra - Pat Waddington<br />
Computer Name: PATW<br />
ZCO Version: 8.8.15<br />
Server Version: 8.8.15_GA_3869.<br />
Error IDs: <br />
 id (19552) type(message)<br />
<br />
<br />
====Solution 1 : Setting the sync tokens ====<br />
<br />
In some cases, sync failures might not be resolved unless the Sync Token number is set back several tokens before the failed sync. For example, if setting the Sync Token to 123743 still fails to sync the item, setting the Sync Token to 123621 might successfully sync the item. To set the Sync Token and attempt to resync an item that failed to sync, click Set Sync Token in the Zimbra Support Toolbar. The Update Sync Token dialog opens.<br />
<br />
In the Update Sync Token dialog, enter the Sync Token to set. Click OK. To attempt to re-sync the item, click Send/Receive.<br />
<br />
====Solution 2 : Deleting the corrupted items ====<br />
If the issue still persists after setting the Sync Token, it is caused by the particular corrupted message shown in the error description<br />
'''Error IDs: id (19552) type(message)'''.<br />
<br />
To resolve the issue, the corrupted message needs to be deleted. To locate the message, first find its path. In the above example, the ID of the message is 19552; use the zmmetadump tool to get the message path in the store.<br />
<br />
<pre><br />
zmmetadump -m <mailbox id/email> -i <item id><br />
</pre><br />
<br />
The mailbox-id can be found with the below command<br />
<pre><br />
zmprov gmi user@domain.com<br />
</pre><br />
<br />
Look for the blob path in the output. This output should look something similar to this:<br />
The line containing the [Blob Path] is what is needed.<br />
<pre><br />
[] INFO: Setting mysql connector property: maxActive=100<br />
[] INFO: Setting mysql connector property: maxActive=100<br />
[Database Columns]<br />
mailbox_id: 13<br />
id: 19552<br />
type: 5<br />
parent_id: <null><br />
folder_id: 2<br />
index_id: 19552<br />
imap_id: 19552<br />
date: 1275500831 (Wed 2020/06/02 11:47:11 MDT)<br />
size: 2046<br />
volume_id: 1<br />
blob_digest: IQLaa2e9,1,TXMn34l6E0r+A1WQ=<br />
unread: 1<br />
flags: 0<br />
tags: 0<br />
sender: xxxxxx<br />
subject: works<br />
name: <null><br />
mod_metadata: 28832<br />
change_date: 1275500831 (Wed 2020/06/02 11:47:11 MDT)<br />
mod_content: 28832<br />
<br />
[Blob Path]<br />
/opt/zimbra/store/0/13/msg/9/19552-xxxxx.msg<br />
<br />
[Metadata]<br />
MetaData version = 10<br />
{<br />
f = <br />
s = <br />
}<br />
</pre><br />
<br />
Once the blob path, the ID of the account, and the ID of the message are found, do the following:<br />
<br />
* Remove the message<br />
<pre><br />
zmmailbox -z -m user@domain.com di <item-id><br />
</pre><br />
<br />
* Verify that the message was actually removed from its store path, such as the path below from the example.<br />
<pre><br />
/opt/zimbra/store/0/13/msg/9<br />
</pre><br />
<br />
* Reconfigure the Outlook profile.<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Nagesh Bhagwat<br />
|}<br />
<br />
{{Article Footer||}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Create_a_delegated_admin_to_see_account_list_only_(Read-Only_admin)&diff=68540Create a delegated admin to see account list only (Read-Only admin)2021-11-03T10:58:25Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Create a legacy delegated admin to see account list only (Read-Only admin)=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} <br />
<br />
====Problem====<br />
Steps to create a delegated admin to see account list only (Read-Only admin)<br />
<br />
====Solution====<br />
<br />
=====Step 1=====<br />
Create a delegated admin account with the required AdminConsole UI component.<br />
zmprov ca ListAccount-ADMIN@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView<br />
<br />
<br />
=====Step 2===== <br />
Now assign the following grants.<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -deleteAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -changeAccountPassword<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM adminConsoleAccountRights<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -getAccountMembership<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -addAccountAlias<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM countAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -modifyAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -createAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -renameAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -setAccountPassword<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -removeAccountAlias <br />
<br />
<br />
'''Note:'''<br />
Replace '''ListAccount-ADMIN''' and '''DOMAIN.COM''' with the actual Admin user and '''DOMAIN''' name.<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''' Heera Singh Koranga<br />
|}<br />
<br />
{{Article Footer||}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Create_a_delegated_admin_to_see_account_list_only_(Read-Only_admin)&diff=68539Create a delegated admin to see account list only (Read-Only admin)2021-11-03T10:57:56Z<p>Shanxt: /* Create a delegated admin to see account list only (Read-Only admin) */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Create a legacy delegated admin to see account list only (Read-Only admin)=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} <br />
{{WIP}}<br />
<br />
====Problem====<br />
Steps to create a delegated admin to see account list only (Read-Only admin)<br />
<br />
====Solution====<br />
<br />
=====Step 1=====<br />
Create a delegated admin account with the required AdminConsole UI component.<br />
zmprov ca ListAccount-ADMIN@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView<br />
<br />
<br />
=====Step 2===== <br />
Now assign the following grants.<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -deleteAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -changeAccountPassword<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM adminConsoleAccountRights<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -getAccountMembership<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -addAccountAlias<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM countAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -modifyAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -createAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -renameAccount<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -setAccountPassword<br />
zmprov grr domain DOMAIN.COM usr ListAccount-ADMIN@DOMAIN.COM -removeAccountAlias <br />
<br />
<br />
'''Note:'''<br />
Replace '''ListAccount-ADMIN''' and '''DOMAIN.COM''' with the actual Admin user and '''DOMAIN''' name.<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''' Heera Singh Koranga<br />
|}<br />
<br />
{{Article Footer||}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Error_with_disclaimer_when_%27ldap_url%27_contains_more_than_one_LDAP_server&diff=68538Error with disclaimer when 'ldap url' contains more than one LDAP server2021-11-03T10:56:24Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Error with disclaimer when 'ldap_url' contains more than one LDAP server=<br />
{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}<br />
<br />
====Problem====<br />
A domain disclaimer cannot be configured if ldap_url contains more than one LDAP server entry.<br />
Altermime throws the following error while generating the disclaimer files:<br />
./libexec/zmaltermimeconfig -e DOMAIN.COM<br />
<br />
Error connecting to LDAP server: ldap://ldap1.DOMAIN.COM:389 ldap://ldap2.DOMAIN.COM:389 at ./libexec/zmaltermimeconfig line 63, <DATA> line 751.<br />
<br />
====Solution====<br />
The following steps fix this problem without restarting any service.<br />
<br />
=====Step 1=====<br />
Check LDAP server entries in localconfig:- <br />
zmlocalconfig ldap_url <br />
<br />
Output:-<br />
ldap_url = ldap://ldap1.DOMAIN.COM:389 ldap://ldap2.DOMAIN.COM:389 <br />
<br />
<br />
=====Step 2=====<br />
Remove second LDAP server entry from ldap_url. There is no need to restart any service for this change. <br />
zmlocalconfig -e ldap_url="ldap://ldap1.DOMAIN.COM:389" <br />
<br />
<br />
=====Step 3=====<br />
Now generate domain disclaimer files for altermime:- <br />
./libexec/zmaltermimeconfig -e DOMAIN.COM <br />
<br />
<br />
=====Step 4=====<br />
After generating domain disclaimer files revert ldap_url entries:- <br />
zmlocalconfig -e ldap_url="ldap://ldap1.DOMAIN.COM:389 ldap://ldap2.DOMAIN.COM:389"<br />
<br />
<br />
'''Note :'''<br />
There is a bug for this issue, which affects v8.0.x, v8.5.x and v8.6: https://bugzilla.zimbra.com/show_bug.cgi?id=84003 <br><br />
This bug is fixed in v8.7.0.<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Heera Singh Koranga <br />
|}<br />
<br />
{{Article Footer||}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Change/Importing_contacts_via_CSV_using_curl&diff=68537Change/Importing contacts via CSV using curl2021-11-03T10:54:53Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Importing contacts via CSV using curl= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
====Problem====<br />
<br />
When trying to import a contact via a CSV file using curl, we get the following error in the mailbox.log file:<br />
<br />
<pre><br />
2016-01-22 13:31:04,844 INFO [qtp509886383-729:https://localhost:7071/home/user@example.com/Contacts?fmt=csv [name=admin@zcs.va;mid=9;ip=127.0.0.1;] UserServlet - POST: https://localhost:7071/home/user@example.com<br />
2016-01-22 13:31:04,845 INFO [qtp509886383-729:https://localhost:7071/home/user@example.com/Contacts?fmt=csv] [name=admin@zcs.va;mid=9;ip=127.0.0.1;] mailbox - UserServlet received file unknown - 195 request bytes<br />
</pre><br />
<br />
<br />
====Solution====<br />
<br />
* Ensure the CSV is in the following format:<br />
*:<pre><br />
*::"First Name","Last Name","Display Name","Nickname","Primary Email","Secondary Email","Screen Name","Work Phone","Home Phone","Fax Number","Pager Number","Mobile Number","Home Address","Home City","Home County","Home Post Code","Home Country","Work Address","Work City","Work County","Work Post Code","Work Country","Job Title","Department","Organisation","Web Page 1","Web Page 2","Birth Month","Custom 1","Custom 2","Custom 3","Custom 4","Notes"<br />
*::"John","Doe","John Doe","John","John.Doe@example.com","","","","","","","","","","","","","","","","","","","","","","","","","","","",""</pre><br />
<br />
* Import using this command:<br />
*:<pre>curl -k -u admin@example.com:admin_pass --upload-file /tmp/contact.csv "https://localhost:7071/home/user@example.com/Contacts?fmt=csv"</pre><br />
<br />
Using the above command, the admin can import contacts for all users. Just change <code>user@example.com</code> to the relevant user's address.<br />
If you're using a valid SSL certificate, <code>-k</code> can be omitted.<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Shashank Shekhar Tewari<br />
|}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Zmlogger_process_uses_100perCPU&diff=68536Zmlogger process uses 100perCPU2021-11-03T10:52:48Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"> <br />
=zmlogger process uses 100%CPU= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
====Problem ====<br />
<br />
The process zmlogger of Zimbra server is using 100% CPU.<br />
<br />
====Solution ====<br />
* Clean the files zimbra.log and zimbra-stats.log in /var/log/ if they are large in size. <br />
* If the previous step doesn't help, run the below steps to improve the performance :<br />
<br />
zmcontrol stop<br />
zmlocalconfig -e zmmtaconfig_interval=6000 <br />
zmprov mcf zimbraLogRawLifetime 7d <br />
zmprov mcf zimbraLogSummaryLifetime 30d <br />
/opt/zimbra/libexec/zmlogprocess <br />
<br />
Change the crontab entry for logger as below :<br />
crontab -e<br />
*/60 * * * * /opt/zimbra/libexec/zmstatuslog <br />
<br />
zmcontrol start <br />
<br />
{{SubmittedBy| Aarti Shah}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=How_to_Disable_Zimbra%27s_AntiSpam_and_AntiVirus_filtering&diff=68535How to Disable Zimbra's AntiSpam and AntiVirus filtering2021-11-03T10:48:43Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Disabling Zimbra's AntiSpam and AntiVirus filtering = <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
<br />
==== Problem ==== <br />
How to disable Zimbra's AntiSpam and AntiVirus filtering<br />
<br />
====Solution ====<br />
* Check whether antispam and antivirus service is enabled currently on server using the given command<br />
zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein' <br />
<br />
The above command will list all the services which are currently installed and enabled on the server.<br />
<br />
* Disable the antivirus and antispam services using the given commands<br />
zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam <br />
zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus <br />
<br />
* Comment out the following line in the file /opt/zimbra/postfix/conf/main.cf<br />
content_filter = smtp-amavis:[127.0.0.1]:10024 <br />
<br />
* Restart services on server<br />
zmcontrol restart <br />
<br />
* Confirm that the antispam and antivirus services are disabled with the given command<br />
zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein' <br />
zmcontrol status <br />
<br />
<br />
{{SubmittedBy| Aarti Shah}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Bounces_from_Spam_Mail&diff=68534Bounces from Spam Mail2021-11-03T10:47:00Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Bounces from Spam Mail=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
<h2>Problem</h2><br />
<br />
Block backscatter emails<br />
<br />
<h2>Solution:</h2><br />
<br />
Running the commands below helps to control backscatter emails:<br />
<br />
su - zimbra<br />
zmprov mcf zimbraMtaEnableSmtpdPolicyd TRUE<br />
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes<br />
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes<br />
zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy"<br />
zmmtactl restart<br />
zmconfigdctl restart<br />
<br />
<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Prabhat Kumar<br />
|}<br />
<br />
{{Article Footer|ZCS 8.7.11|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Not_able_to_take_complete_backup&diff=68533Not able to take complete backup2021-11-03T10:43:58Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
="Unable to parse XML file" error when using legacy backup=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.7}}||||}} <br />
<br />
<br />
<br />
<br />
<br />
<br />
====Problem====<br />
<br />
A complete backup cannot be taken, and the following exception appears in the mailbox.log file.<br />
<br />
com.zimbra.common.service.ServiceException: system failure: unable to read metadata for account ff0cf615-6749-4e94-aa53-548cd8dba365 backup full-20161005.025406.465<br />
ExceptionId:qtp509886383-791257:https://127.0.0.1:7071/service/admin/soap/BackupRequest:1475690422338:c777d25a962adbb8<br />
Code:service.FAILURE<br />
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:260)<br />
at com.zimbra.cs.service.backup.Backup.handleNetworkRequest(Backup.java:160)<br />
at com.zimbra.cs.service.NetworkDocumentHandler.handle(NetworkDocumentHandler.java:23)<br />
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:581)<br />
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:435)<br />
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:266) <br />
... 52 more<br />
Caused by: com.zimbra.common.service.ServiceException: system failure: Unable to parse XML file /backup/sessions/full-20161005.025406.465/accounts/ff0/cf6/ff0cf615-6749-4e94-aa53-548cd8dba365/meta.xml<br />
ExceptionId:qtp509886383-791257:https://127.0.0.1:7071/service/admin/soap/BackupRequest:1475690422338:c777d25a962adbb8<br />
Code:service.FAILURE<br />
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:260)<br />
at com.zimbra.cs.backup.XmlMeta.readAccountBackup(XmlMeta.java:409)<br />
at com.zimbra.cs.backup.FileBackupTarget$RestoreAcctSession.<init>(FileBackupTarget.java:2020)<br />
... 56 more<br />
<br />
====Solution====<br />
<br />
* Go to the configured backup path (default is /opt/zimbra/backup)<br />
<br />
* Open ''accounts.xml'' in your text editor, and find the two lines related to the account whose ID appears in the exception.<br />
For example, if the original entry is like so:<br />
<account zimbraId="0e98d0df-0c92-48d2-bd01-a01027504d8a" email="user@example.com" latestFullBackupLabel="full-20130919.102126.721"> <br />
</account> <br />
<code style="color: red"><account zimbraId="ff0cf615-6749-4e94-aa53-548cd8dba365" email="issue@example.com" latestFullBackupLabel="full-20130919.102126.721"></code><br />
<code style="color: red"></account></code><br />
 <account zimbraId="c0263897-e300-4836-9da3-4356dbe2498e" email="user2@example.com" latestFullBackupLabel="full-20130919.102126.721"> <br />
</account><br />
<br />
<br />
Remove the lines pertaining to that account. In our example, it'll be 'issue@example.com'. So we remove both the <account -info- > and </account> lines, and the remaining entries will look like the following:<br />
 <account zimbraId="0e98d0df-0c92-48d2-bd01-a01027504d8a" email="user@example.com" latestFullBackupLabel="full-20130919.102126.721"> <br />
 </account> <br />
 <account zimbraId="c0263897-e300-4836-9da3-4356dbe2498e" email="user2@example.com" latestFullBackupLabel="full-20130919.102126.721"> <br />
</account><br />
<br />
<br />
* Then re-run backup<br />
<br />
zmbackup -f -a -all<br />
<br />
<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Sourabh Bhushan<br />
|}<br />
<br />
{{Article Footer|ZCS 8.7.11|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Steps_to_increase_max_message_size_for_ActiveSync_devices&diff=68532Steps to increase max message size for ActiveSync devices2021-11-03T10:40:34Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Increase max message size for ActiveSync devices (Legacy activesync) = <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.7}}||||}} <br />
<br />
<br />
<br />
<br />
<br />
====Problem==== <br />
<br />
ActiveSync devices or Outlook EAS downloads only the first 7 MB of a message.<br />
<br />
====Solution==== <br />
By default, ActiveSync devices are allowed to download messages of up to 10 MB only.<br />
A separate attribute, "zimbraMobileMaxMessageSize", controls this maximum size.<br />
<br />
The following commands change the default limit.<br />
<br />
su - zimbra<br />
zmprov mcf zimbraMobileMaxMessageSize "31457280" #Example to set limit to 30 MB. <br />
zmmailboxdctl restart <br />
<br />
<br />
<br />
<br />
<br />
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10"<br />
|'''Submitted by''': Heera Singh Koranga<br />
|}<br />
<br />
{{Article Footer|ZCS 8.7|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Steps_to_remove_broken_soft_links_after_upgrading_to_ZCS_v8.7.x&diff=68531Steps to remove broken soft links after upgrading to ZCS v8.7.x2021-11-03T10:36:00Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Steps to remove broken soft links after upgrading to ZCS v8.7.x=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
<br />
<br />
====Problem====<br />
<br />
After upgrading from v8.6 or older versions to v8.7.x and greater, there may be multiple broken soft links of third-party tools in "/opt/zimbra/".<br />
<br />
<br />
====Solution====<br />
<br />
From ZCS v8.7.x all third-party tools have been moved to directory "/opt/zimbra/common/", so the broken directory links from "/opt/zimbra/" can be removed. <br />
<br />
The following will get us a list of broken soft links which can then be removed manually <br />
<br />
* Command to get broken soft link list. <br />
find /opt/zimbra/ -type l ! -exec test -e {} \; -print <br />
OR <br />
find -L /opt/zimbra/ -type l <br />
OR <br />
find /opt/zimbra/ -type l | xargs file | grep "broken symbolic link" <br />
<br />
<br />
====Example==== <br />
<br />
* Output of the above will be as follows: <br />
<br />
root@ztalk:~# find /opt/zimbra/ -type l | xargs file | grep "broken symbolic link"<br />
<br />
/opt/zimbra/cyrus-sasl: broken symbolic link to `/opt/zimbra/cyrus-sasl-2.1.26.2z'<br />
/opt/zimbra/zimbramon/rrdtool: broken symbolic link to `/opt/zimbra/zimbramon/rrdtool-1.2.30'<br />
/opt/zimbra/mariadb: broken symbolic link to `/opt/zimbra/mariadb-10.0.15'<br />
/opt/zimbra/opendkim: broken symbolic link to `/opt/zimbra/opendkim-2.9.2'<br />
/opt/zimbra/dspam: broken symbolic link to `/opt/zimbra/dspam-3.10.2'<br />
/opt/zimbra/aspell: broken symbolic link to `/opt/zimbra/aspell-0.60.6.1'<br />
/opt/zimbra/mta/mariadb: broken symbolic link to `/opt/zimbra/mta/mariadb-10.0.15'<br />
/opt/zimbra/mta/mysql: broken symbolic link to `/opt/zimbra/mta/mariadb-10.0.15'<br />
/opt/zimbra/libtool: broken symbolic link to `/opt/zimbra/libtool-2.2.6b'<br />
/opt/zimbra/unbound: broken symbolic link to `/opt/zimbra/unbound-1.4.22'<br />
/opt/zimbra/bdb: broken symbolic link to `/opt/zimbra/bdb-5.2.36'<br />
/opt/zimbra/httpd: broken symbolic link to `/opt/zimbra/httpd-2.4.10'<br />
/opt/zimbra/memcached: broken symbolic link to `/opt/zimbra/memcached-1.4.17'<br />
/opt/zimbra/tcmalloc: broken symbolic link to `/opt/zimbra/tcmalloc-2.2'<br />
/opt/zimbra/rsync: broken symbolic link to `/opt/zimbra/rsync-3.1.1'<br />
/opt/zimbra/altermime: broken symbolic link to `/opt/zimbra/altermime-0.3-20100505'<br />
/opt/zimbra/zeromq: broken symbolic link to `/opt/zimbra/zeromq-3.2.3'<br />
/opt/zimbra/nginx: broken symbolic link to `/opt/zimbra/nginx-1.2.0-zimbra'<br />
/opt/zimbra/amavisd: broken symbolic link to `/opt/zimbra/amavisd-new-2.9.0'<br />
/opt/zimbra/openldap: broken symbolic link to `/opt/zimbra/openldap-2.4.39.2z'<br />
/opt/zimbra/mysql: broken symbolic link to `/opt/zimbra/mariadb-10.0.15'<br />
/opt/zimbra/curl: broken symbolic link to `/opt/zimbra/curl-7.38.0'<br />
/opt/zimbra/pflogsumm: broken symbolic link to `/opt/zimbra/pflogsumm-1.1.5'<br />
/opt/zimbra/clamav: broken symbolic link to `/opt/zimbra/clamav-0.98.4'<br />
/opt/zimbra/heimdal: broken symbolic link to `/opt/zimbra/heimdal-1.5.2'<br />
/opt/zimbra/openssl: broken symbolic link to `/opt/zimbra/openssl-1.0.1j'<br />
/opt/zimbra/cbpolicyd: broken symbolic link to `/opt/zimbra/cbpolicyd-2.1.0-beta'<br />
<br />
* To remove broken soft links, run <br />
find /opt/zimbra/ -type l -exec test ! -e {} \; -delete <br />
<br />
{{SubmittedBy| Heera Singh Koranga}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Saslauth_Failed_(curl_easy_perform_error)&diff=68530Saslauth Failed (curl easy perform error)2021-11-03T10:34:36Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Saslauth Failed (curl_easy_perform error)= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}||||}} <br />
<br />
<br />
<br />
====Problem====<br />
IMAP/POP clients get a password pop-up window and are not able to send and receive any e-mails. When using the correct username and password, the following authentication error in /var/log/zimbra.log file is observed :<br />
<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: auth_zimbra: ztest@xxxxxx.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT<br />
 Nov 28 15:06:57 mbox1 saslauthd[45799]: do_auth         : auth failure: [user=ztest@xxxx.com] [service=smtp] [realm=xxxx.in] [mech=zimbra] [reason=Unknown]<br />
Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: warning: unknown[10.0.7.162]: SASL LOGIN authentication failed: authentication failure<br />
Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: lost connection after AUTH from unknown[10.0.7.162]<br />
<br />
====Solution====<br />
Check if any additional forward proxy is enabled (like Nginx or Squid)<br />
<br />
Run the following command to check for an additional proxy:<br />
 # env | grep -i proxy<br />
Run the following command to check saslauth with the mailbox node. The same curl command works in the backend during saslauth.<br />
 $ curl -X POST -u zimbra.user2@example.com:test@123 -d 'authType=sasl' https://mbox1.example.com:7073/service/admin/soap/ -k<br />
Remove the additional proxy and restart the MTA service to invalidate the old saslauth connection which was established.<br />
 $ zmmtactl restart<br />
<br />
<br />
<br />
=====Why does this issue occur?===== <br />
When saslauth happens on the MTA server, it queries the ZCS saslauthd lookup server, which is a mailbox server, on port 7073. If a local forward proxy is configured, the request is handled by that proxy. Since the proxy doesn't know where to forward the request, it returns HTTP 503 and 502 errors.<br />
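<br />
One way to confirm this condition from /var/log/zimbra.log, as an added example that is not part of the original article or Zimbra's own code. The function names are hypothetical and the sample log lines are constructed, modelled on the excerpt above.<br />

```shell
#!/bin/sh
# Added example (not Zimbra code). Sample lines are constructed, modelled on
# the zimbra.log excerpt in this article; the last one has no proxy involvement.
sample_zimbra_log() {
    cat <<'EOF'
Nov 28 15:06:57 mbox1 saslauthd[45799]: auth_zimbra: ztest@example.com auth failed: curl_easy_perform: error(56): Received HTTP code 503 from proxy after CONNECT
Nov 28 15:06:57 mbox1 saslauthd[45799]: do_auth         : auth failure: [user=ztest@example.com] [service=smtp] [realm=example.com] [mech=zimbra] [reason=Unknown]
Nov 28 15:06:57 mbox1 postfix/smtpd[18938]: warning: unknown[10.0.7.162]: SASL LOGIN authentication failed: authentication failure
Nov 28 15:07:10 mbox1 saslauthd[45799]: auth_zimbra: other@example.com auth failed: curl_easy_perform: error(56): Received HTTP code 502 from proxy after CONNECT
Nov 28 15:07:30 mbox1 saslauthd[45800]: auth_zimbra: ztest@example.com auth failed: constructed non-proxy failure
EOF
}

# Read zimbra.log lines on stdin and print "<count> <user> <http-code>" for
# every saslauthd lookup that was answered by a proxy rather than the mailbox
# server on port 7073.
proxy_auth_failures() {
    awk '
    /saslauthd\[[0-9]+\]: auth_zimbra: / && /curl_easy_perform: error\(56\)/ &&
    /from proxy after CONNECT/ {
        user = ""; code = ""
        for (i = 1; i < NF; i++) {
            if ($i == "auth_zimbra:") user = $(i + 1)
            if ($i == "code")         code = $(i + 1)
        }
        if (user != "") count[user " " code]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k2
}

# Print the names of proxy variables set in the current environment.
# Values are not printed because proxy URLs can embed credentials.
proxy_env_vars() {
    env | awk -F= 'tolower($1) ~ /^(http|https|all)_proxy$/ { print $1 }' | sort
}

# Correlate both checks: log evidence on stdin plus the local environment.
diagnose_saslauthd_proxy() {
    hits=$(proxy_auth_failures)
    if [ -z "$hits" ]; then
        echo "no proxy-related saslauthd failures"
        return 0
    fi
    echo "$hits"
    vars=$(proxy_env_vars | tr '\n' ' ')
    if [ -n "$vars" ]; then
        echo "proxy variables set: $vars"
    else
        echo "no proxy variables set in this environment"
    fi
}

# Usage on a server: diagnose_saslauthd_proxy < /var/log/zimbra.log
```

Run it as the same user that runs the MTA services, since the proxy variables may be set only in that user's environment.<br />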
<br />
=====How SASL works===== <br />
SASL is not a protocol but is a framework that can be used with protocols such as SMTP. For each protocol that uses SASL, there will be a specification as to how the protocol uses SASL. This means that SASL can be used with a wide range of protocols, and can be adapted to the details of how any specific protocols work.<br />
<br />
The basic operation of SASL is straightforward. The server provides a list of supported authentication mechanisms, and then the client says which one will be used (based on the client’s capabilities and security requirements).<br />
<br />
Protocols that contain SASL support include:<br />
<br />
*LDAP (Internet Standard Lightweight Directory Access Protocol)<br />
*SMTP (Internet Standard Simple Message Transfer Protocol)<br />
*POP3 (Internet Standard Post Office Protocol v3)<br />
*IMAP (Internet Standard Internet Mail Access Protocol)<br />
*XMPP: Extensible Messaging and Presence Protocol<br />
*Isode's SOM (Switch Operations and Management) Protocol<br />
<br />
This [https://www.isode.com/products/sasl.html external link] contains more information about SASL.<br />
<br />
{{SubmittedBy|Gopal Singh Bhandari}}<br />
<br />
{{Article Footer|ZCS 8.8|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Issue_with_ZCO_after_doing_NG_Migration&diff=68529Issue with ZCO after doing NG Migration2021-11-03T10:20:54Z<p>Shanxt: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=ZCO, IMAP, POP do not sync after NG Migration= <br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
<br />
<br />
===Problem===<br />
After doing a Migration of ZCS using the NG Migration tools, accounts configured with MAPI, IMAP, POP protocol stop syncing with the existing profile. <br />
<br />
===Analysis===<br />
NG export-import is designed in such a way that it only deals with user data and does not deal with the server side data, including Tokens. Tokens act as an index between the server and MUA. When an index is broken the existing profile does not know from where to start the sync and as a result it fails.<br />
<br />
====User-Side Data====<br />
*Emails and Attachments<br />
*Folders (local and shared)<br />
*Calendars<br />
*Documents (for 6.x exports)<br />
*Briefcases<br />
*Tasks<br />
*User Preferences<br />
<br />
<br />
====Server-side Data====<br />
*COSs<br />
*LDAP user Configs (such as External Auth)<br />
*Domain Settings<br />
<br />
====Error Logs==== <br />
We can get the below log pattern on mailbox.log when a sync request comes from a migrated but existing ZCO profile<br />
2020-04-23 06:10:46,621 WARN [qtp1225197672-10057://example.com/service/soap/WaitSetRequest] [name=user@domain.com;mid=30;ip=192.168.0.1;port=60872;ua=Zimbra-ZCO/8.8.15.1867 (10.0.18363 en-US) P2440 T4bd0 R17;soapId=264f7b68;] SoapEngine - handler exceptioncom.zimbra.common.service.ServiceException: permission denied: can not access account 7a9bef11-558a-4bdf-b3e7-d25577438541<br />
<br />
We can get the following log pattern on mailbox.log when a sync request comes from a migrated existing ZDesktop profile<br />
2020-04-23 06:23:52,915 INFO [qtp1225197672-10084://pudge.ursolutions.ph/service/soap/AuthRequest] [ip=172.104.101.223;port=50522;ua=Zimbra Desktop/7.3.1_13063_Windows;soapId=264f7b9e;] SoapEngine - handler exception: authentication failed for [7a9bef11-558a-4bdf-b3e7-d25577438541], account not found<br />
<br />
===Solution===<br />
The only solution for this is to re-create the profiles once again. <br />
<br />
=====To avoid this, we recommend the Rsync method of migration, which avoids having to recreate profiles after migration. This [https://wiki.zimbra.com/wiki/Steps_To_Rebuild_ZCS_Server wiki] contains more information.=====<br />
<br />
<br />
{{SubmittedBy|Samrat Sarkar}}<br />
<br />
{{Article Footer|ZCS 9.0, ZCS 8.8.x|2020-05-29}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Tracing_soap_calls_in_Zimbra&diff=68528Tracing soap calls in Zimbra2021-11-03T10:16:24Z<p>Shanxt: /* Tracing soap calls in Zimbra */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Enabling TRACE logging for soap calls=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} <br />
<br />
<br />
<br />
====Problem====<br />
<br />
How to trace soap requests and responses in Zimbra for a single user?<br />
<br />
<br />
====Solution====<br />
<br />
All the soap requests and responses are recorded in the /opt/zimbra/log/mailbox.log file. <br />
However by default the logging is at a minimum, so increasing the logging may be helpful as well in this case.<br />
<br />
To increase it for a single user, run :<br />
zmprov aal user@example.com zimbra.soap trace<br />
<br />
To remove these, run :<br />
zmprov ral user@example.com<br />
<br />
This will reset all the logging for that account to the default values.<br />
<br />
The zimbra.soap trace logging gives the entire request and response.<br />
<br />
<br />
{{SubmittedBy| Shashank Tewari}}<br />
<br />
<br />
{{Article Footer|ZCS 9.0, 8.8, 8.7, 8.6, 8.5, 8.8.x|2020-04-13}}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P27&diff=68504Zimbra Releases/8.8.15/P272021-10-26T08:08:54Z<p>Shanxt: /* Package Upgrade */</p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 27 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
<br/><br />
<div style="padding:1%; color:#ff0000;font-size:19px;" ><br />
'''Critical Security Fix'''<br />
<br />
This patch contains a critical security fix that affects previous Zimbra 8.8.15 "Joule" patches: '''Patch-26, Patch-25, Patch-24, Patch-23'''. We strongly advise that our Partners and Customers immediately upgrade to the latest patch: '''Zimbra 8.8.15 Patch-27'''. <br />
<br />
To keep your systems secure, Zimbra encourages our Partners and Customers to always keep current with patches. Zimbra releases patch information directly to Partners and Customers via our regular newsletters, website, blog, and social posts, in addition to this wiki.<br />
</div><br />
<br/><br />
<br />
= Security Recommendation =<br />
Zimbra strongly recommends that customers review whether the Proxy Servlet is configured to allow particular hosts (via the zimbraProxyAllowedDomains configuration setting on each class of service). Make sure each entry in zimbraProxyAllowedDomains is a safe and trusted host. There should '''NOT''' be any wildcard entries like '''*.webex.com'''; instead, use a specific host such as '''example.webex.com'''.<br />
<br />
If any entry in zimbraProxyAllowedDomains resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly. So we urge our customers to review this configuration setting to ensure that no vulnerabilities are introduced.<br />
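<br />
An added example, not Zimbra code, of the review recommended above: it flags wildcard entries and entries that are, or resolve to, internal addresses. It assumes the attribute is listed as "zimbraProxyAllowedDomains: value" lines, as printed by zmprov gc for a class of service, and that getent is available; the function names and sample entries are constructed.<br />

```shell
#!/bin/sh
# Added example (not Zimbra code). Constructed sample of per-COS attribute output.
sample_cos_output() {
    cat <<'EOF'
# name default
zimbraProxyAllowedDomains: *.webex.com
zimbraProxyAllowedDomains: example.webex.com
zimbraProxyAllowedDomains: 127.0.0.1
zimbraProxyAllowedDomains: intranet.example.com
zimbraProxyAllowedDomains: gone.example.net
zimbraProxyAllowedDomains: *
EOF
}

# Succeed if the argument is a loopback, private or link-local address literal.
# Hostnames and public addresses fail. IPv4-mapped IPv6 forms are not covered.
is_internal_ip() {
    case "$1" in
        *:*)                        # IPv6 literal
            case "$1" in
                ::1|[fF][cCdD]*|[fF][eE][89aAbB]*) return 0 ;;
            esac ;;
        *[!0-9.]*) return 1 ;;      # not an IPv4 literal (e.g. a hostname)
        127.*|10.*|192.168.*|169.254.*|0.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print the addresses a name resolves to, one per line (assumes getent).
resolve_host() {
    getent hosts "$1" 2>/dev/null | awk '{ print $1 }'
}

# Read attribute lines on stdin and print one "<verdict> <entry>" line each:
#   WILDCARD   entry contains '*'
#   INTERNAL   entry is, or resolves to, an internal address
#   UNRESOLVED name did not resolve from this host; review by hand
#   OK         specific host resolving only to non-internal addresses
audit_allowed_domains() {
    sed -n 's/^zimbraProxyAllowedDomains:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
    while IFS= read -r entry; do
        case "$entry" in
            *\**) echo "WILDCARD $entry"; continue ;;
        esac
        if [ "$entry" = localhost ] || is_internal_ip "$entry"; then
            echo "INTERNAL $entry"
            continue
        fi
        verdict=OK
        addrs=$(resolve_host "$entry")
        [ -n "$addrs" ] || verdict=UNRESOLVED
        for a in $addrs; do
            if is_internal_ip "$a"; then verdict=INTERNAL; fi
        done
        echo "$verdict $entry"
    done
}

# Usage, per class of service:
#   zmprov gc <cos-name> zimbraProxyAllowedDomains | audit_allowed_domains
```

An OK verdict only means the entry is specific and resolved to a public address from this host; whether the host is trusted remains a manual decision.<br />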
<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded OpenSSL to 1.1.1l to avoid multiple vulnerabilities.<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2021-3711 CVE-2021-3711] [https://nvd.nist.gov/vuln/detail/CVE-2021-3712 CVE-2021-3712]<br />
|style="border: solid #ffffff;text-align:center;"| 9.8 <br />
|style="border: solid #ffffff;text-align:center;"| Critical<br />
|style="border: solid #ffffff;text-align:center;"| 8.8.15 P27<br />
|-<br />
|}<br />
<br />
= What's New =<br />
<br />
{{BetaWarning}}<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
====Ubuntu 20 Support (Beta)====<br />
We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.<br />
<br />
====Package Upgrade====<br />
OpenSSL has been upgraded from 1.1.1k to 1.1.1l.<br />
</div><br />
<br/><br />
<br />
= Fixed Issues =<br />
<br />
== Web UX - Classic ==<br />
* In Classic Web App, when the user set up a weekly recurring appointment via Repeat -> Custom, selected a Day from the dropdown, and then reopened the Day dropdown and changed the day, the previous selection and its checkmark were not removed. The issue has been fixed.<br />
* When creating an appointment, clicking "Show Equipment" displays the Equipment field. If the user closed the tab, opened it again and clicked "Show Equipment", the Equipment field was not displayed; only clicking "Show Equipment" a second time displayed it. The issue has been fixed.<br />
<br />
== ZCO ==<br />
* When *zimbraMtaMaxMessageSize* was set to zero, ZCO users were not able to send emails. The issue has been fixed.<br />
* When using mixed ZCO profiles (Exchange and Zimbra), sending an email with an attachment resulted in an error. The issue has been fixed.<br />
<br />
== NG General ==<br />
* *getNotification* core command now supports json output when using *--json* option in the command.<br />
* Fixed a couple of issues that prevented mail items from being properly purged in the case of centralized volumes, and Drive items from always being purged.<br />
<br />
== Zimbra Connect ==<br />
* Fixed an unexpected behavior that prevented the emoji panel from closing when it is open and a file is dropped into a conversation in order to send it.<br />
* Notifications of new meetings have been removed on participating in a meeting from an external tab.<br />
* Minichat configuration now differentiates the conversations to be displayed. Users can now decide whether to show mini chats or not based on the chat as the configuration differentiates between one-to-one chats, groups and spaces.<br />
* Fixed *UsersCleanup* command to properly remove deleted users' data from all conversations participants list.<br />
* Minichats no longer open for system messages in conversations such as: Meeting started, Meeting ended, Someone joins the conversation, Someone leaves the conversation, Someone has changed the topic, title, avatar of conversation<br />
* Now "videoserver" is displayed instead of "video server" in the example of command help "zxsuite team video-server add" or "zxsuite team video-server remove".<br />
* Fixed the height for bubble messages during meetings in the Safari browser.<br />
* Fixed a bug that prevented the inserted text from showing in the one-to-one chat textbox on searching for the contact to add.<br />
<br />
<br />
= Known Issues =<br />
<br />
== Platform ==<br />
* The '''/opt/zimbra/.saveconfig''' directory permissions are not updated correctly by zmfixperms command. Due to this, upgrading '''zimbra-openjdk-cacerts''' package fails.<br />
Workaround:- Before upgrading the package, change the permissions of /opt/zimbra/.saveconfig directory manually by executing the command '''''chown zimbra:zimbra /opt/zimbra/.saveconfig/'''''.<br />
<br />
<br />
<br />
{{PatchInstallation-8815V2|Version=8.8.15 Patch 27|Packages=<br />
FOSS:<br />
'''PackageName''' '''Version'''<br />
zimbra-patch -> 8.8.15.1634924656.p27-2<br />
zimbra-mta-patch -> 8.8.15.1634924656.p27-1<br />
zimbra-mta-components -> 1.0.14-1zimbra8.8b1<br />
zimbra-proxy-patch -> 8.8.15.1634196512.p27-1<br />
zimbra-proxy-components -> 1.0.9-1zimbra8.8b1<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-common-core-jar -> 8.8.15.1634917408-1<br />
zimbra-common-core-libs -> 8.8.15.1623913824-1<br />
zimbra-mbox-conf -> 8.8.15.1568012813-1<br />
zimbra-mbox-service -> 8.8.15.1568694943-1<br />
zimbra-mbox-store-libs -> 8.8.15.1626439528-1<br />
zimbra-mbox-war -> 8.8.15.1618222785-1<br />
zimbra-mbox-admin-console-war -> 8.8.15.1624007059-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1634208998-1<br />
zimbra-drive -> 1.0.13.1576152256-1<br />
zimbra-core-components -> 2.0.14-1zimbra8.8b1<br />
zimbra-openjdk -> 13.0.1-1zimbra8.8b1<br />
zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1<br />
zimbra-openssl -> 1.1.1l-1zimbra8.7b4<br />
zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-client -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b4<br />
zimbra-ldap-components -> 1.0.14-1zimbra8.8b1<br />
zimbra-core-components -> 2.0.14-1zimbra8.8b1<br />
zimbra-postfix -> 3.6.1-1zimbra8.7b3<br />
zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1<br />
zimbra-clamav -> 0.103.2-1zimbra8.8b3<br />
zimbra-perl-mail-spamassassin -> 3.4.5-1zimbra8.8b3<br />
zimbra-spamassassin-rules -> 1.0.0-1zimbra8.8b4<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b5<br />
zimbra-chat -> 3.0.1.1594306000-1<br />
<br />
<br />
NETWORK: <br />
'''Package Name''' '''Version''' <br />
zimbra-patch -> 8.8.15.1634924656.p27-1<br />
zimbra-mbox-ews-service -> 8.8.15.1590048861-1<br />
zimbra-drive-ng -> 3.0.15.1616091166-1<br />
zimbra-network-modules-ng -> 6.0.28.1630655972-1<br />
zimbra-docs -> 3.0.8.1616090809-1<br />
zimbra-connect -> 1.0.27.1632228204-1<br />
zimbra-zco -> 8.8.15.1907.1634723247-1<br />
zimbra-zimlet-auth -> 1.0.2.1622463729-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 GA Packages<br />
The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1l-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.59-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 2.0.14-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.14-1zimbra8.8b1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1l-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.59-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1 <br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 2.0.14-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.14-1zimbra8.8b1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.5.6 3.6.1<br />
openssl 1.1.1k 1.1.1l<br />
openldap 2.4.49 2.4.59<br />
nginx 1.19.0 1.20.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-proxy-patch -> 8.8.15.1634196512.p27-1<br />
zimbra-proxy-components -> 1.0.9-1zimbra8.8b1<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]<br />
<br />
= Jira Summary =<br />
== Jira Tickets fixed in 8.8.15 Patch 27 ==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10992<br />
|style="border: solid #ffffff;vertical-align:middle;"|Hide Emoji panel on dropping file<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10991<br />
|style="border: solid #ffffff;vertical-align:middle;"|Remove new meeting notification on meeting external tab<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10990<br />
|style="border: solid #ffffff;vertical-align:middle;"|Minichat configuration now differentiates the conversations to show<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10987<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed UsersCleanup command to correctly remove deleted users' data from participants list of all conversations<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10984<br />
|style="border: solid #ffffff;vertical-align:middle;"|Avoid opening the minichat when a system message arrives<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10983<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed video-server string on command help<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10982<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fix bubble messages on meeting conversation for Safari<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10980<br />
|style="border: solid #ffffff;vertical-align:middle;"|Input textbox on creating one to one chats fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10978<br />
|style="border: solid #ffffff;vertical-align:middle;"|getNotification core command doesn’t support --json output<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10974<br />
|style="border: solid #ffffff;vertical-align:middle;"|Store purge operation bugs fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10917<br />
|style="border: solid #ffffff;vertical-align:middle;"|Checkmark in custom weekly repeat does not work on Classic UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10909<br />
|style="border: solid #ffffff;vertical-align:middle;"|Show Equipment does not work sometimes<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2434<br />
|style="border: solid #ffffff;vertical-align:middle;"|If the zimbraMtaMaxMessageSize is set 0 and it is Stop sending email after upgrade ZCO 9.0.0.1903<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2389<br />
|style="border: solid #ffffff;vertical-align:middle;"|OpenSSL 1.1.1k is vulnerable and needs to be upgraded to 1.1.1l version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2357<br />
|style="border: solid #ffffff;vertical-align:middle;"|[ZCO]+Exchange profile: Error when send attachments.<br />
|-<br />
|}</div>Shanxthttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P20&diff=68503Zimbra Releases/9.0.0/P202021-10-26T07:59:30Z<p>Shanxt: /* What's New */</p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 20 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
<br/><br />
<div style="padding:1%; color:#ff0000;font-size:19px;" ><br />
'''Critical Security Fix'''<br />
<br />
This patch contains a critical security fix that affects previous Zimbra 9.0.0 "Kepler" patches: '''Patch-19, Patch-18, Patch-17, Patch-16'''. We strongly advise that our Partners and Customers immediately upgrade to the latest patch: '''Zimbra 9.0.0 Patch-20'''.<br />
<br />
To keep your systems secure, Zimbra encourages our Partners and Customers to always keep current with patches. Zimbra releases patch information directly to Partners and Customers via our regular newsletters, website, blog, and social posts, in addition to this wiki.<br />
</div><br />
<br/><br />
<br />
= Security Recommendation =<br />
Zimbra strongly recommends that customers review whether the Proxy Servlet is configured to allow a particular host (via the zimbraProxyAllowedDomains configuration setting on each class of service). Make sure each entry in zimbraProxyAllowedDomains is a safe and trusted host. There should '''NOT''' be any wildcard entries like '''*.webex.com'''; instead, use a specific host such as '''example.webex.com'''.<br />
<br />
If any entry in zimbraProxyAllowedDomains resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly. We urge our customers to review this configuration setting to ensure that no vulnerabilities are introduced.<br />
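<br />
One way to run the review described above, as an added example (not Zimbra's own tooling): it flags wildcard entries and entries that resolve to loopback, private or link-local addresses. The zmprov-style <code>attribute: value</code> input format, the sample entries and the DNS answers are constructed assumptions; pass the real attribute dump and the default resolver on a live system.<br />

```python
import ipaddress
import socket

ATTR = "zimbraProxyAllowedDomains"

# Address ranges treated as "internal" for this review (loopback, RFC 1918,
# link-local, IPv6 unique-local). Listed explicitly so the result is stable.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample in "attribute: value" form (assumed to match what
# `zmprov gc <cos> zimbraProxyAllowedDomains` prints); not from a real server.
SAMPLE_ZMPROV_OUTPUT = """\
# name default
zimbraProxyAllowedDomains: *.webex.com
zimbraProxyAllowedDomains: example.webex.com
zimbraProxyAllowedDomains: intranet.example.test
zimbraProxyAllowedDomains: localhost
zimbraProxyAllowedDomains: 10.0.0.5
zimbraProxyAllowedDomains: mapped.example.test
zimbraProxyAllowedDomains: unknown.example.test
"""

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "example.webex.com": ["198.51.100.7"],
    "intranet.example.test": ["198.51.100.8", "192.168.20.4"],
    "localhost": ["127.0.0.1", "::1"],
    "mapped.example.test": ["::ffff:10.1.2.3"],
}


def parse_allowed_domains(text):
    """Return the value of every zimbraProxyAllowedDomains line, in order."""
    values = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == ATTR and value.strip():
            values.append(value.strip())
    return values


def is_internal(ip_text):
    """True if the address falls in one of INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:a.b.c.d is judged by the IPv4 address it carries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in INTERNAL_NETS)


def system_resolver(host):
    """Resolve with the system resolver; raises OSError on failure."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0].split("%")[0] for info in infos})


def sample_resolver(host):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed: no such host")
    return SAMPLE_DNS[host]


def check_entry(entry, resolver):
    """Return the list of findings for one allowed-domain entry."""
    if "*" in entry:
        return ["wildcard"]  # cannot be resolved, and matches unknown hosts
    try:
        addresses = [str(ipaddress.ip_address(entry))]  # entry is an IP literal
    except ValueError:
        try:
            addresses = resolver(entry)
        except OSError:
            addresses = []
        if not addresses:
            return ["unresolved"]  # cannot be verified; review by hand
    return ["internal " + a for a in addresses if is_internal(a)]


def audit(zmprov_text, resolver=system_resolver):
    """Map each configured entry to its findings (empty list = nothing flagged)."""
    return {e: check_entry(e, resolver) for e in parse_allowed_domains(zmprov_text)}


if __name__ == "__main__":
    for entry, findings in audit(SAMPLE_ZMPROV_OUTPUT, sample_resolver).items():
        print(f"{entry:28} {', '.join(findings) or 'ok'}")
```

An entry with an empty findings list still has to be a host you trust; the script only covers the wildcard and internal-address conditions named above.<br />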
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded OpenSSL to 1.1.1l to avoid multiple vulnerabilities.<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2021-3711 CVE-2021-3711] [https://nvd.nist.gov/vuln/detail/CVE-2021-3712 CVE-2021-3712]<br />
|style="border: solid #ffffff;text-align:center;"| 9.8 <br />
|style="border: solid #ffffff;text-align:center;"| Critical<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P20<br />
|-<br />
|}<br />
<br />
= What's New =<br />
<br />
{{BetaWarning}}<br />
<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
====Ubuntu 20 Support (Beta)====<br />
<br />
We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.<br />
<br />
====Package Upgrade====<br />
OpenSSL has been upgraded from 1.1.1k to 1.1.1l.<br />
</div><br />
<br/><br />
<br />
= Fixed Issues =<br />
<br />
== Web UX - Classic ==<br />
* In Classic Web App, when the user set up a weekly recurring appointment by visiting Repeat -> Custom and selected a Day from the dropdown, then revisited the Day dropdown and changed the day, the previous selection and its checkmark were not removed. The issue has been fixed.<br />
* When creating an appointment, clicking "Show Equipment" displays the Equipment field. If the user closed the tab, opened it again and clicked "Show Equipment", the Equipment field was not displayed. Clicking "Show Equipment" a second time displayed the Equipment field. The issue has been fixed.<br />
<br />
== Web UX - Modern ==<br />
* In Modern Web App, the preview of the .rtf attachment did not work. The issue has been fixed.<br />
* Modern Web App did not load when using Safari version 13.1.2. The issue has been fixed.<br />
<br />
== ZCO ==<br />
* When '''zimbraMtaMaxMessageSize''' was set to zero, ZCO users were not able to send emails. The issue has been fixed.<br />
* When using mixed ZCO profiles (Exchange and Zimbra), sending an email with an attachment resulted in an error. The issue has been fixed.<br />
<br />
== NG Mobile ==<br />
* The '''getNotification''' core command now supports JSON output when using the '''--json''' option in the command.<br />
* Fixed a couple of issues that prevented mail items from being properly purged in case of centralized volumes and Drive items from always being purged.<br />
<br />
== Zimbra Connect ==<br />
* Fixed an unexpected behavior that prevented the emoji panel from closing when it is open and a file is dropped into a conversation to be sent.<br />
* Notifications of new meetings have been removed when participating in a meeting from an external tab.<br />
* Minichat configuration now differentiates the conversations to be displayed. Users can now decide whether to show mini chats or not based on the chat as the configuration differentiates between one-to-one chats, groups and spaces.<br />
* Fixed the '''UsersCleanup''' command to properly remove deleted users' data from the participants list of all conversations.<br />
* Minichats no longer open for system messages in conversations, such as: Meeting started, Meeting ended, Someone joins the conversation, Someone leaves the conversation, Someone has changed the topic, title, or avatar of the conversation.<br />
* Now '''videoserver''' is displayed instead of '''video server''' in the example of command help "zxsuite team video-server add" or "zxsuite team video-server remove".<br />
* Fixed the height for bubble messages during meetings in the Safari browser.<br />
* Fixed a bug that prevented the inserted text from showing in the one-to-one chat textbox when searching for the contact to add.<br />
<br />
== NG General ==<br />
* The '''getNotification''' core command now supports JSON output when using the '''--json''' option in the command.<br />
* Fixed a couple of issues that prevented mail items from being properly purged in case of centralized volumes and Drive items from always being purged.<br />
<br />
<br />
= Known Issues =<br />
== Platform ==<br />
* The '''/opt/zimbra/.saveconfig''' directory permissions are not updated correctly by the zmfixperms command. Due to this, upgrading the '''zimbra-openjdk-cacerts''' package fails.<br />
Workaround: Before upgrading the package, change the permissions of the /opt/zimbra/.saveconfig directory manually by executing the command '''''chown zimbra:zimbra /opt/zimbra/.saveconfig/'''''.<br />
<br />
<br />
{{PatchInstallation-900|Version=9.0.0 Patch 20|Packages=<br />
'''PackageName''' '''Version'''<br />
zimbra-patch -> 9.0.0.1634929347.p20-2<br />
zimbra-proxy-patch -> 9.0.0.1634196752.p20-1<br />
zimbra-proxy-components -> 1.0.9-1zimbra8.8b1<br />
zimbra-mta-patch -> 9.0.0.1634929347.p20-1<br />
zimbra-mta-components -> 1.0.14-1zimbra8.8b1<br />
zimbra-common-core-jar -> 9.0.0.1634918163-1<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-lmdb-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-lmdb-dbg -> 2.4.59-1zimbra8.8b5<br />
zimbra-lmdb -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-client -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b4<br />
zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1<br />
zimbra-ldap-components -> 2.0.4-1zimbra8.8b1<br />
zimbra-core-components -> 3.0.10-1zimbra8.8b1<br />
zimbra-clamav -> 0.103.2-1zimbra8.8b3<br />
zimbra-clamav-libs -> 0.103.2-1zimbra8.8b3<br />
zimbra-openssl -> 1.1.1l-1zimbra8.7b4<br />
zimbra-openssl-libs -> 1.1.1l-1zimbra8.7b4<br />
zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1<br />
zimbra-timezone-data -> 3.0.0.1618571554-1<br />
zimbra-mbox-store-libs -> 9.0.0.1626439337-1<br />
zimbra-mbox-war -> 9.0.0.1618222842-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1634207805-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1631853698-1<br />
zimbra-common-mbox-conf-attrs -> 9.0.0.1602835824-1<br />
zimbra-common-core-libs -> 9.0.0.1623914106-1<br />
zimbra-zco -> 9.0.0.1907.1634721713-1<br />
zimbra-modern-ui -> 4.17.0.1633420486-1<br />
zimbra-modern-zimlets -> 4.17.0.1633420486-1<br />
zimbra-network-modules-ng -> 7.0.19.1630655717-1<br />
zimbra-drive-ng -> 4.0.11.1616091300-1<br />
zimbra-drive-modern -> 1.0.11.1616091300-1<br />
zimbra-connect -> 2.0.19.1632228467-1<br />
zimbra-connect-modern -> 1.0.19.1630654596-1<br />
zimbra-docs -> 4.0.5.1616090633-1<br />
zimbra-docs-modern -> 1.0.4.1606409421-1<br />
zimbra-chat -> 4.0.1.1594306412-1<br />
zimbra-zimlet-auth -> 1.0.2.1622463729-1<br />
zimbra-zimlet-install-pwa -> 5.0.1.1631795284-1<br />
zimbra-zimlet-emptysubject -> 1.0.1.1631795284-1<br />
zimbra-zimlet-set-default-client -> 7.0.0.1626175269-1<br />
zimbra-zimlet-document-editor -> 6.0.1.1631795284-1<br />
zimbra-zimlet-date -> 5.0.1.1626179395-1<br />
zimbra-zimlet-additional-signature-setting -> 5.0.0.1626175269-1<br />
zimbra-zimlet-calendar-subscription -> 5.0.0.1626175269-1<br />
zimbra-zimlet-sideloader -> 6.0.0.1626175269-1<br />
zimbra-zimlet-org-chart -> 1.0.0.1626175269-1<br />
zimbra-zimlet-zulip-chat -> 5.0.0.1626175269-1<br />
zimbra-zimlet-ads -> 7.0.0.1626175269-1<br />
zimbra-zimlet-user-sessions-management -> 7.0.2.1631795284-1<br />
zimbra-zimlet-privacy-protector -> 3.0.0.1626175269-1<br />
zimbra-zimlet-duplicate-contacts -> 4.0.0.1626175269-1<br />
zimbra-zimlet-web-search -> 3.0.1.1631795284-1<br />
zimbra-zimlet-restore-contacts -> 5.0.0.1626175269-1<br />
zimbra-zimlet-zoom -> 7.0.0.1621610655-1<br />
zimbra-zimlet-slack -> 5.5.0.1621610655-1<br />
zimbra-zimlet-dropbox -> 6.0.0.1621610655-1<br />
zimbra-zimlet-onedrive -> 6.0.0.1621610655-1<br />
zimbra-zimlet-google-drive -> 6.0.0.1621610655-1<br />
zimbra-zimlet-jitsi -> 3.3.1.1621610655-1<br />
zimbra-zimlet-video-call-preferences -> 2.1.0.1621610655-1<br />
zimbra-zimlet-nextcloud -> 1.0.6.1619072255-1<br />
zimbra-zimlet-webex -> 1.0.0.1622194761-1<br />
zimbra-zimlet-voice-message -> 1.0.3.1611114827-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 2.0.0.1626175269-1<br />
zimbra-zimlet-email-templates -> 2.0.0.1606716802-1<br />
zimbra-zimlet-signature-template -> 1.0.0.1609841753-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1l-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 3.0.10-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 2.0.4-1zimbra8.8b1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1l-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 3.0.10-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 2.0.4-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1615887345-1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.5.6 3.6.1<br />
openssl 1.1.1k 1.1.1l<br />
openldap 2.4.49 2.4.59<br />
nginx 1.19.0 1.20.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-proxy-patch -> 9.0.0.1634196752.p20-1<br />
zimbra-proxy-components -> 1.0.9-1zimbra8.8b1<br />
<br />
=Jira Summary=<br />
== Jira Tickets fixed in 9.0.0 Patch 20 ==<br />
<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10992<br />
|style="border: solid #ffffff;vertical-align:middle;"|Hide Emoji panel on dropping file<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10991<br />
|style="border: solid #ffffff;vertical-align:middle;"|Remove new meeting notification on meeting external tab<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10990<br />
|style="border: solid #ffffff;vertical-align:middle;"|Minichat configuration now differentiates the conversations to show<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10987<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed UsersCleanup command to correctly remove deleted users' data from participants list of all conversations<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10984<br />
|style="border: solid #ffffff;vertical-align:middle;"|Avoid opening the minichat when a system message arrives<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10983<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed video-server string on command help<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10982<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fix bubble messages on meeting conversation for Safari<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10980<br />
|style="border: solid #ffffff;vertical-align:middle;"|Input textbox on creating one to one chats fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10978<br />
|style="border: solid #ffffff;vertical-align:middle;"|getNotification core command doesn’t support --json output<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10974<br />
|style="border: solid #ffffff;vertical-align:middle;"|Store purge operation bugs fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10917<br />
|style="border: solid #ffffff;vertical-align:middle;"|Checkmark in custom weekly repeat does not work on Classic UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10909<br />
|style="border: solid #ffffff;vertical-align:middle;"|Show Equipment does not work sometimes<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2434<br />
|style="border: solid #ffffff;vertical-align:middle;"|If the zimbraMtaMaxMessageSize is set 0 and it is Stop sending email after upgrade ZCO 9.0.0.1903<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2389<br />
|style="border: solid #ffffff;vertical-align:middle;"|OpenSSL 1.1.1k is vulnerable and needs to be upgraded to 1.1.1l version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2357<br />
|style="border: solid #ffffff;vertical-align:middle;"|[ZCO]+Exchange profile: Error when send attachments.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2018<br />
|style="border: solid #ffffff;vertical-align:middle;"|Preview is not working in Modern UI for .rtf files.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6342<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modern UI doesn't load in Safari 13.1.2<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5198<br />
|style="border: solid #ffffff;vertical-align:middle;"|Contact view panel flickers when clicked on contact<br />
|-<br />
|}</div>Shanxt